vulns

**nozx** · 2008-02-15 13:54:10

nozx
New member
Offline

Topic: vulns

file: teewars-0.3.3-src/src/game/server/gs_server.cpp

on line 1953:
if(msg == MSG_CHANGEINFO && strcmp(name, server_clientname(client_id)) != 0)
{
char msg[256];
sprintf(msg, "*** %s changed name to %s", server_clientname(client_id), name);
send_chat(-1, -1, msg);
}

using specially crafted netpacket user can cause server DoS. must use snprintf insted of sprintf.

on line 1982:
else if (msg == MSG_EMOTICON)
{
int emoteicon = msg_unpack_int();
send_emoticon(client_id, emoteicon % 16);
}

int emoteicon not checked for less 0. not critical bug. but...

NOTE: version 0.3.4 valunerable too

**void** · 2008-02-15 14:56:27

void
Developer
Offline

Re: vulns

I know that matricks is doing a full run to find these things now smile My guess is that he has found those and a lot of other ones allready. But thanks!

Languages shapes the way we think, or don't.

**matricks** · 2008-02-15 16:07:00

matricks
Developer
Offline

Re: vulns

Doing a complete overhaul to remove any possible vulnerabilities for 0.4.0. All string functions has been replaced. Doing some very harsh testing to keep the server from crashing etc on strange input from the clients.

vulns

Posts: 3

1 Topic by nozx 2008-02-15 13:54:10 (edited by nozx 2008-02-15 13:55:49)

Topic: vulns

2 Reply by void 2008-02-15 14:56:27 (edited by void 2008-02-15 14:56:38)

Re: vulns

3 Reply by matricks 2008-02-15 16:07:00

Re: vulns

Posts: 3