JK2 & JK3 Forcestring Server Crash Fix

Welcome back after a long holiday! We've all gotten our rest and relaxation, but it's time to get back to work. Gamall, who has brought us v...

Re-Upload

Uploading...
Do not refresh or leave this page!

Re-Upload

The forcecrashfix.zip file you have requested: Star Wars: Jedi Knight - Jedi Academy / Server Tools / JK2 & JK3 Forcestring Server Crash Fix - 1.41MB is not available. Perhaps try browsing all files for the game Star Wars: Jedi Knight - Jedi Academy and upload any files you want to share or are missing.

We are calling on our community to help submit files that were previously hosted on GameFront / FileFront but are now missing.

If you have this file, please upload it using the form below (please ensure the filename and filesize match) and we shall do the rest.

File Description

Welcome back after a long holiday! We've all gotten our rest and relaxation, but it's time to get back to work. Gamall, who has brought us various security fixes for JK3 servers before, now brings us an exploit fix that will work for both JK2 and JK3. Now I'm a dunce in this department, so I'm pleased that Gamall included a very detailed read-me regarding the exploit.

Apparently if a user inputs an improper force value, he or she can manage to crash a server when the changes are applied. This utility should fix this problem by some means that are beyond my comprehension. But they should be fixed, which is the important bit. The source code is also included for those that may want to consider implementing this crash fix into their own mods.

For those interested this is also technically an update for his BaseJKA Security Fix. This utility is basically an updated version of that with the crash fix implemented into it. A separate read-me for that is included inside the archive. Be sure to check it out!

~Inyri

Read More

Readme
*****************************************************************
**                  JEDI KNIGHT: Jedi Academy                  **
*****************************************************************
 
  #-----------------------------------------------------------#  
  #      TITLE : JK2 & JK3 Forcestring server crash Fix       #  
  #                                                           #  
  #        VERSION : 1.1a [BaseJKA Security Fix v1.1a]        #  
  #               AUTHOR : Gamall Wednesday Ida               #  
  #               E-MAIL : gamall.ida@gmail.com               #  
  #              WEBSITE : http://gamall-ida.com              #  
  #                                                           #  
  #           LICENSE : All code released under the           #  
  #                GNU General Public License                 #  
  #                                                           #  
  #                     FILESIZE : ~ 4 Mo                     #  
  #               RELEASE DATE : December 2007                #  
  #-----------------------------------------------------------#  
 
 
 
+   READ ME! (CONTACT)                                           
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 Should  you  want  to  contact me, do NOT jump on my email, you 
 won't get an answer. Read the "CONTACT" section near the end of 
 that file instead ;-).                                          
 
 
+   ABOUT THIS FILE                                              
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 There are two parts to this file: The most important one is the 
 readme file you are  presently  reading,  which  describes  the 
 vulnerability   and   the   fix   for   both   JK2   and   JK3. 
                                                                 
 The second part is an update to my mod "BaseJKA Security  Fix", 
 which uses said fix. The update provides both linux and Windows 
 binaries,  and  updated  source-code files. See the mod's topic 
 for more information.                                           
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
       http://gamall-ida.com/f/viewtopic.php?f=3&t=120
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
 
 
+   DESCRIPTION OF THE VULNERABILITY                             
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 This is a very old crash, which  has  been  around  since  JK2. 
 Oddly enough, though it has been patched in several mods, there 
 doesn't  seem to be anything relevant on the net describing the 
 bug and the ways to patch it. I didn't even hear  of  it  until 
 very  recently. Here is a full description of the bug and a fix 
 for it, destined to any modder who has not fixed that in  their 
 mod yet:                                                        
                                                                 
 BUG:  In  both  JK2  and  JKA,  in  source file game/w_force.c, 
 procedure void WP_InitForcePowers( gentity_t *ent  )  fails  to 
 perform  proper sanity checks on "forcepowers" userinfo and may 
 crash when  attempting  to  parse  an  incorrect  force  powers 
 string.  [A  mod  compiled  in  DEBUG  mode  doesn't seem to be 
 vulnerable, though, but that's not really a good way to fix  it 
 ;-) ].                                                          
                                                                 
 EXPLOIT:  Any  player  can  cause a server crash by setting his 
 forcepowers to an incorrect value.  For  instance,  /kill  then 
 "/set forcepowers 1337; wait 1 ; forcechanged" will result in a 
 server     crash     when     joining     the    game    again. 
                                                                 
 FIX: Write the missing sanity check. The  fix  I  have  written 
 should  work  on both JK2 and JKA, but I have only tested it on 
 the latter. It is integrated in my mod "BaseJKA Security  Fix", 
 in version 1.1a.                                                
 
 
+   THE FIX                                                      
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 FILE: w_force.c                                                 
 FIND LINE:                                                      
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
       void WP_InitForcePowers( gentity_t *ent )
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
 
 BEFORE, ADD:                                                    
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
       /*
        * Gamall Wednesday Ida
        * Workaround Force crash
        * License GPL.
        */
       
       // if the force string is incorrect, this one will be used
       char  *gaGENERIC_FORCE	= "7-1-033330000000000333";
       // masks: no values outside these boundaries will be accepted
       char  *gaFORCE_LOWER 	= "0-1-000000000000000000";
       char  *gaFORCE_UPPER 	= "7-2-333333333333333333";
       
       char* gaCheckForceString(char* s) {
           char *p = s, *pu = gaFORCE_UPPER, *pl = gaFORCE_LOWER;
           if (!s || strlen(s) != 22) return gaGENERIC_FORCE;
           while(*p) {if (*p > *pu++ || *p++ < *pl++) {return gaGENERIC_FORCE;}}
           return s;	
       }
       
       // GWI: End Force Crash workaround.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
 
 FIND  LINE:  [end of declaration block of WP_InitForcePowers()] 
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
         qboolean didEvent = qfalse;
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
 
 AFTER, ADD:                                                     
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
       // GWI: force crash
       char* temp;
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
 
 FIND LINE:                                                      
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
       Q_strncpyz( forcePowers, Info_ValueForKey (userinfo, "forcepowers"), sizeof( forcePowers ) );
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
 
 AFTER, ADD:                                                     
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
       // GWI: Force crash
       temp = gaCheckForceString(forcePowers);
       if (temp != forcePowers) {
         trap_SendServerCommand(ent->client->pers.clientNum, 
             va("print "^1Incorrect force string '%s'. Replaced by default.\n"", forcePowers));
         G_LogPrintf("FORCE CRASH: Client num %d tried to take incorrect forcestring '%s'.",
                     ent->client->pers.clientNum, 
                     forcePowers);
         Q_strncpyz( forcePowers, temp, sizeof( forcePowers ) );
       } // End force crash workaround
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
 
 
+   CONTACT / SUPPORT                                            
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 If you need help or have suggestions, comments, insults, praise 
 or in general, anything to say  about  this  program  that  you 
 expect  me  to read and answer to, please post on the program's 
 topic on my website:                                            
 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
       	http://gamall-ida.com/f/viewtopic.php?f=3&t=356
       	OR (BaseJKA Security Fix's topic)
       	http://gamall-ida.com/f/viewtopic.php?f=3&t=120
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
 
 The only circumstance in which my personal email is the  proper 
 way  to  contact  me is when my website is down for maintenance 
 for a long time, which is very infrequent.                      
 
 
+   CREDITS:                                                     
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-o          +
 
 Thanks to evan1715 for  bringing  the  crash  to  my  attention 
 (though he drives me mad :D)                                    
                                                                 
 A  snippet  of  old  code from MasterHex and Ensiform helped me 
 locate the problem. Thanks to them.                             
 
 THIS MODIFICATION IS NOT MADE,  DISTRIBUTED,  OR  SUPPORTED  BY 
 ACTIVISION,  RAVEN,  OR  LUCASARTS  ENTERTAINMENT  COMPANY LLC. 
 ELEMENTS TM & © LUCASARTS ENTERTAINMENT COMPANY LLC AND/OR ITS 
 LICENSORS.                                                      
 



  +-----------------------------+
  | File generated with 'GaTeX',|
  | an ASCII typesetting system |
  | by  Gamall  Wednesday  Ida. |
  |   http://gamall-ida.com     |
  +-----------------------------+
  Build: Fri Dec 21 18:35:53 2007
  File : F:readme.GaTeX.source

Read More

Comments on this File

There are no comments yet. Be the first!

Gamall


50 XP


Registered 11th March 2007

14 Files Uploaded

Share This File
Embed File