No "Ingame Crash" Patch


File Description

Well this is a small mod that really only serves one purpose that is already taken care of. Some people might be familiar with the buffer overflow attack. It's a really annoying attack that causes a person's game to crash. Anyways, this fixes that, for both Linux and Windows servers.

I stand corrected. This fixes a problem that was not covered by sv_floodprotect 1, which prevents chat flooding. This tool prevents flooding from outside programs, or sending extremely long strings of text to the server. I apologize for this.

-Bah. I did it incorrectly again. Here it is from the author.

flood ---fixed from day one in basejka (sv_floodprotect) so irrelevant. (FIXED)

ingame buffer overflow / using say etc to pass too long strings / jampgame (FIXED : L.A for win, this patch for both win and linux )

distant buffer overflow / using a tool to send too long commands to the server / jampded. (FIXED : Hex edit by L Auriemma)

fake players / spamming the server by sending many fake connect commands. Does not crash but lags the serv terribly / jampgame ( fixed only in some mods, such as japlus. )

~Zach


Download 'no_crash.zip' (1.32MB)

Readme
*********************************** 
Jedi Knight: Jedi Academy 
*********************************** 
TITLE: No "ingame crash" patch
AUTHOR: Gamall
E-MAIL: gamall.ida@gmail.com
WEBSITE: http://gamall-ida.com

FILENAME Windows : nocrash_Win.pk3
FILENAME Linux   : jampgamei386.so
FILESIZE: < 2 MB
DATE RELEASED: 18 March 2007

CREDITS: 

Kudos to Trimbo for his linux-ready version of the vanilla SDK.

INSTALLATION INSTRUCTIONS: 

Just put it in your server's base folder.

DESCRIPTION: 

-> Removes the vulnerability to the say/tell "aaaaaaaaaaaaaaaaaaaaaaaaa..." attack, also known as the ingame buffer overflow attack, in unmodified baseJKA, by truncating too-long say entries and blocking too-long server commands.

Just remember to use a patched (linux)jampded[.exe] as well, and your server shall be impervious to malicious crashes.

-> Logs say/tell/server overflows into the server logs, with name and id of offending client.

-> Does not alter ANY aspect of basejka past that.

-> Damages MAY be slightly altered for Linux servers. This is a consequence of the fact that I compiled with GCC instead of ICC. Most people won't notice it though. I sure wouldn't :P


COMMENTS: This is not very original, and has probably been done to death already, but I couldn't find a fix that works on Linux on the net when someone asked me about it... so here it is.

If someone has ICC and is willing to compile a so with it, please contact me :)

///////////////////////////////////////////////////////////////

MODIFIED CODE : (from jka-universalSource, linux-ready SDK.)

void trap_SendServerCommand( int clientNum, const char *text ) {
	/* Gamall : This bit should protect the clients... */
	/* Drop any server command that would not fit in the client's
	   command buffer instead of forwarding it. clientNum is an int,
	   so it is logged with %d, and strlen() is cast for %d. */
	if ( strlen(text) > 1022 )
	{
		G_LogPrintf( "Gamall : Client %d sent too long a command...\n", clientNum );
		G_LogPrintf( "Sent command : [%s]\n", text );
		G_LogPrintf( "Total length : %d \n", (int)strlen(text) );
		return;
	}
	/* Gamall : END OF FIX */
	syscall( G_SEND_SERVER_COMMAND, clientNum, text );
}


/*
==================
Cmd_Say_f
==================
*/
static void Cmd_Say_f( gentity_t *ent, int mode, qboolean arg0 ) {
	char		*p;

	if ( trap_Argc () < 2 && !arg0 ) {
		return;
	}

	if (arg0)
	{
		p = ConcatArgs( 0 );
	}
	else
	{
		p = ConcatArgs( 1 );
	}

	/* FIX Gamall : This bit should prevent crashes... */
	/* Cut an over-long chat line down before it reaches G_Say, and
	   record who sent it (ConcatArgs returns a writable buffer). */
	if ( strlen(p) > 150 )
	{
		p[149] = '\0';
		G_LogPrintf("ANTI CRASH : Cmd_Say_f entry from client %s (%d) has been truncated\n", ent->client->pers.netname, ent->s.number);
	}
	/* END OF FIX */

	G_Say( ent, NULL, mode, p );
}

/*
==================
Cmd_Tell_f
==================
*/
static void Cmd_Tell_f( gentity_t *ent ) {
	int			targetNum;
	gentity_t	*target;
	char		*p;
	char		arg[MAX_TOKEN_CHARS];

	if ( trap_Argc () < 2 ) {
		return;
	}

	trap_Argv( 1, arg, sizeof( arg ) );
	targetNum = atoi( arg );
	if ( targetNum < 0 || targetNum >= level.maxclients ) {
		return;
	}

	target = &g_entities[targetNum];
	if ( !target || !target->inuse || !target->client ) {
		return;
	}

	p = ConcatArgs( 2 );

	/* FIX Gamall : This bit should prevent crashes... */
	/* Same guard as in Cmd_Say_f: truncate and log the offending client. */
	if ( strlen(p) > 150 )
	{
		p[149] = '\0';
		G_LogPrintf("ANTI CRASH : Cmd_Tell_f entry from client %s (%d) has been truncated\n", ent->client->pers.netname, ent->s.number);
	}
	/* END OF FIX */

	G_LogPrintf( "tell: %s to %s: %s\n", ent->client->pers.netname, target->client->pers.netname, p );

	G_Say( ent, target, SAY_TELL, p );
	// don't tell to the player self if it was already directed to this player
	// also don't send the chat back to a bot
	if ( ent != target && !(ent->r.svFlags & SVF_BOT)) {
		G_Say( ent, ent, SAY_TELL, p );
	}
}
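The two guards above (drop over-long server commands, truncate over-long say/tell text) as stand-alone, testable C functions. This is an added example, not the mod's own code; it assumes the Q3-derived limits MAX_SAY_TEXT = 150 (the say buffer G_Say copies into) and MAX_STRING_CHARS = 1024 (the client-side buffer a server command lands in), and it closes the small gap in the original check so that a line of exactly 150 characters is also cut to fit.

```c
/* Added example, not the mod's code. MAX_SAY_TEXT and MAX_STRING_CHARS are
 * assumed to match the Q3-derived engine the readme targets. */
#include <stdio.h>
#include <string.h>

#define MAX_SAY_TEXT      150   /* G_Say copies chat into char text[MAX_SAY_TEXT] */
#define MAX_STRING_CHARS  1024  /* client buffer that receives a server command */
#define MAX_CMD_LEN       (MAX_STRING_CHARS - 2) /* 1022, the patch's threshold */

/* Constructed test input: a run of n 'a' characters (buf must hold n+1). */
void fill_run(char *buf, size_t n) { memset(buf, 'a', n); buf[n] = '\0'; }

/* Mirror of the trap_SendServerCommand guard. Returns 1 when the command may
 * be forwarded, 0 when it is dropped; the log line explains the drop. */
int server_command_allowed(int clientNum, const char *text, char *log, size_t logsz) {
    size_t len = strlen(text);
    if (len > MAX_CMD_LEN) {
        snprintf(log, logsz, "ANTI CRASH : client %d sent a %zu-byte command, dropped\n",
                 clientNum, len);
        return 0;
    }
    log[0] = '\0';
    return 1;
}

/* Mirror of the Cmd_Say_f / Cmd_Tell_f guard with the off-by-one closed:
 * any text that would not fit in MAX_SAY_TEXT together with its NUL is cut
 * to MAX_SAY_TEXT-1 characters. Returns 1 when truncation happened. */
int truncate_say_text(char *p) {
    if (strlen(p) >= MAX_SAY_TEXT) {
        p[MAX_SAY_TEXT - 1] = '\0';
        return 1;
    }
    return 0;
}

int main(void) {
    char log[128], say[400], cmd[2000];

    fill_run(say, 399);    /* the "aaaa..." say line from the readme */
    fill_run(cmd, 1999);   /* an over-long command sent by an outside tool */

    printf("say truncated: %d, length now %zu\n", truncate_say_text(say), strlen(say));
    printf("cmd allowed: %d\n", server_command_allowed(3, cmd, log, sizeof(log)));
    fputs(log, stdout);
    return 0;
}
```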

I also removed the improbable powf function, which, apart from yielding a result different from what its name implies (it repeatedly squares x instead of multiplying by x), prevents compilation under VC++ 8, for reasons that are quite beyond me since it's syntactically correct... It's not used anywhere in the code anyway... I'm quite puzzled by this thing... Bha...

/* 
Gamall : Removed this so as to 
allow compilation with VC++ 8. 
*/

//float powf ( float x, int y )
//{
//	float r = x;
//	for ( y--; y>0; y-- )
//		r = r * r;
//	return r;
//}

THIS MODIFICATION IS NOT MADE, DISTRIBUTED, OR SUPPORTED BY ACTIVISION, RAVEN, OR 
LUCASARTS ENTERTAINMENT COMPANY LLC. ELEMENTS TM & © LUCASARTS 
ENTERTAINMENT COMPANY LLC AND/OR ITS LICENSORS.
