
Fix Core Crash (unused serverside packet)



  • VIP
Posted (edited)

Hey guys,

I noticed a core crash "exploit" someone is currently using with HEADER_CG_TEXT.

It's a simple buffer overflow in the HEADER_CG_TEXT packet.
Because the packet is not used, you can just remove it.
In marty files it's already fixed because only localhost has access, as far as I remember.

packet.h

    HEADER_CG_TEXT                    = 64,

 

packet_info.cpp

Set(HEADER_CG_TEXT, sizeof(TPacketCGText), "Text", false);

 

input.cpp

if (bHeader == HEADER_CG_TEXT)
{
[...]
}

 

Edited by .colossus.
  • Love 7
  • Good 1
Link to comment

#ifdef ENABLE_PORT_SECURITY
        if (IsEmptyAdminPage() || !IsAdminPage(inet_ntoa(d->GetAddr().sin_addr))) // block if adminpage is not set or if not admin
        {
            sys_log(0, "SOCKET_CMD: BLOCK FROM(%s)", d->GetHostName());
            return -1;
        }
#endif

 

Can I remove everything from #ifdef ENABLE_PORT_SECURITY? This deletes #ifdef ENABLE_PORT_SECURITY, why? 😞

Link to comment
  • VIP
Posted (edited)
6 minutes ago, MLens said:

#ifdef ENABLE_PORT_SECURITY
        if (IsEmptyAdminPage() || !IsAdminPage(inet_ntoa(d->GetAddr().sin_addr))) // block if adminpage is not set or if not admin
        {
            sys_log(0, "SOCKET_CMD: BLOCK FROM(%s)", d->GetHostName());
            return -1;
        }
#endif

 

Can I remove everything from #ifdef ENABLE_PORT_SECURITY? This deletes #ifdef ENABLE_PORT_SECURITY, why? 😞

Read my thread again 🙂

--> In marty files it's already fixed because only localhost has access, as far as I remember.

So you just need to enable ENABLE_PORT_SECURITY or delete everything, because it's not used.

Edited by .colossus.
Link to comment
2 minutes ago, .colossus. said:

Read my thread again 🙂

--> In marty files it's already fixed because only localhost has access, as far as I remember.

if (bHeader == HEADER_CG_TEXT) { [...] }

In HEADER_CG_TEXT I have #ifdef ENABLE_PORT_SECURITY. If I delete if (bHeader == HEADER_CG_TEXT) { [...] }, I delete this #ifdef ENABLE_PORT_SECURITY too. Will I uninstall #ifdef ENABLE_PORT_SECURITY? I have HEADER_CG_TEXT as normal in my files.

Link to comment
  • Honorable Member
Posted (edited)

The issue is that the buffer is not cleared even if the packet is wrong. It will keep growing until you run out of memory.

It's not just adminpage (@) vulnerable to this, but it's the simplest to exploit.

Edited by martysama0134
  • Good 1
Link to comment
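
The point made in the post above (input that is rejected or never completes must not stay queued) as an added C++ example; it is not code from the game source or from any poster. LineReader, Feed, kMaxLine and the 1024-byte limit are hypothetical names and values chosen for illustration.

```cpp
// Added illustration: LineReader, Feed and kMaxLine are hypothetical names,
// not identifiers from the game source discussed in this thread.
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

constexpr std::size_t kMaxLine = 1024;  // assumed limit for one text command

enum class FeedResult { kOk, kRejected };

class LineReader {
public:
    // `allowed` is the caller's source check (for example an admin-IP allow list).
    // Complete, newline-terminated lines are appended to `out`.
    FeedResult Feed(const char* data, std::size_t len, bool allowed,
                    std::vector<std::string>& out) {
        if (!allowed) {
            Reset();  // rejecting a sender must also drop what it already queued
            return FeedResult::kRejected;
        }
        for (std::size_t i = 0; i < len; ++i) {
            if (data[i] == '\n') {
                out.push_back(buf_);
                buf_.clear();
            } else if (buf_.size() >= kMaxLine) {
                Reset();  // no terminator within the limit: discard instead of growing
                return FeedResult::kRejected;
            } else {
                buf_.push_back(data[i]);
            }
        }
        return FeedResult::kOk;
    }
    std::size_t Buffered() const { return buf_.size(); }

private:
    void Reset() { buf_.clear(); buf_.shrink_to_fit(); }  // release the memory too
    std::string buf_;
};

int main() {
    LineReader r;
    std::vector<std::string> lines;
    std::string flood(1 << 20, 'A');  // constructed input: 1 MiB with no newline
    r.Feed(flood.data(), flood.size(), true, lines);
    std::printf("buffered after flood: %zu\n", r.Buffered());
    return 0;
}
```

On a kRejected result the caller would normally close the connection as well, so the same peer cannot simply repeat the input.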
On 6/18/2021 at 6:23 PM, .colossus. said:

Hey guys,

I noticed a core crash "exploit" someone is currently using with HEADER_CG_TEXT.

It's a simple buffer overflow in the HEADER_CG_TEXT packet.
Because the packet is not used, you can just remove it.
In marty files it's already fixed because only localhost has access, as far as I remember.

packet.h

    HEADER_CG_TEXT                    = 64,

 

packet_info.cpp

Set(HEADER_CG_TEXT, sizeof(TPacketCGText), "Text", false);

 

input.cpp

if (bHeader == HEADER_CG_TEXT)
{
[...]
}

 

Remove this line in packet.h 😄 

typedef struct command_text
{
    BYTE    bHeader;
} TPacketCGText;

 

 

  • Good 1
Link to comment
