You are not logged in. Please login or register.
Teeworlds Forum → Development → Patching old 0.6.1 server security issues
Hello,
I own a 0.6.1 TW server source code. As far as I know, it has some security bugs that might cause server crash. Is there a quick way to patch these if the only modified files are located inside the game/server folder?
Yea. It has to do with too big chunks of map data being requested, just replace these lines in server.cpp, ProcessClientPacket()
int ChunkSize = 1024-128;
int Offset = Chunk * ChunkSize;with these
unsigned int ChunkSize = 1024-128;
unsigned int Offset = Chunk * ChunkSize;This will prevent the integer from overflowing.
Greets, xush.
Thanks for help 
I applied this code and used the Python patching script written by Heinrich5991
Anyway, I read the changelog documents and I realized that there are much more exploits that should be fixed 
Looks like I'll need to spend some more time than I though... At least the known crashing exploits were removed (I hope).
If u want a fully secure server u also have to add some nonofficial patches (e.g. against ip-spoofing, "xush" is a known ip-spoofer!)
Warning: useless and offtopic defamation. // Dune
I can't think of any further issues that were addressed by further releases. You should probably (if you haven't already) patch the bug that allows an attacker to block your server from registering at the masters by faking a masters IP and send FW_ERROR packets.
That fix however would just be another hack, just like any other spoofing fix for 0.6. I doubt that anyone will attack your server with some kind of spoofing, so you should be good to go. If you notice any further issues that I forgot about just make another post or contact me, I will be glad to help.
@Deepfinder: How does denouncing me help here? There was absolutely no reason to say my name in that context, that behavior is just immature, inappropriate and not related to the topic in my opinion.
EDIT: Oops, I totally forgot about the join/leave flooding bug, that is another one you should definetly fix. *Searching for the patch right now*
Here you go: https://github.com/teeworlds/teeworlds/ … bc378a3b9d
I hope that easy enough
That fix however would just be another hack, just like any other spoofing fix for 0.6. I doubt that anyone will attack your server with some kind of spoofing, so you should be good to go.
I've heard from a few server administrators that IP spoofing *is* a problem in 0.6. I wouldn't necessarily trust you (xush) to assess the situation neutrally.
The original question has been settled, offtopic comments have been removed, and the thread is closed.
Teeworlds Forum → Development → Patching old 0.6.1 server security issues
Powered by PunBB, supported by Informer Technologies, Inc.
Currently installed 3 official extensions. Copyright © 2003–2009 PunBB.