Mi4uric3

Hi, while looking through the servers source code I received in 2013 I found a minor security issue regarding the item shop. An attacker is able to temporarily delete items bought in the item shop from the game, so the buyer is unable to receive it. All deleted items are restored after the server restarts though, as they are only removed from the databases cache, not from the database itself. Also the attacker can only remove the item from the cache if the user didn't login after buying it (player.item_award.taken_time != NULL). PoC application which attacks my local test server: Minor item shop security issue To fix it you need to delete the following lines: Server/common/tables.h: HEADER_GD_DELETE_AWARDID = 138, // delete gift notify icon Server/common/tables.h: // 선물 알림 기능 삭제용 패킷 정보 typedef struct tDeleteAwardID { DWORD dwID; } TPacketDeleteAwardID; Server/db/src/ClientManager.cpp: //delete gift notify icon case HEADER_GD_DELETE_AWARDID: DeleteAwardId((TPacketDeleteAwardID*) data); break; Server/db/src/ClientManager.cpp: // delete gift notify icon void CClientManager::DeleteAwardId(TPacketDeleteAwardID *data) { //sys_log(0,"data from game server arrived %d",data->dwID); std::map<DWORD, TItemAward *>::iterator it; it = ItemAwardManager::Instance().GetMapAward().find(data->dwID); if ( it != ItemAwardManager::Instance().GetMapAward().end() ) { std::set<TItemAward *> & kSet = ItemAwardManager::Instance().GetMapkSetAwardByLogin()[it->second->szLogin]; if(kSet.erase(it->second)) sys_log(0,"erase ItemAward id: %d from cache", data->dwID); ItemAwardManager::Instance().GetMapAward().erase(data->dwID); } else { sys_log(0,"DELETE_AWARDID : could not find the id: %d", data->dwID); } } Server/db/src/ClientManager.h: //delete gift notify icon void DeleteAwardId(TPacketDeleteAwardID* data); Server/game/src/input.cpp: //gift notify delete command else if (!stBuf.compare(0,15,"DELETE_AWARDID ")) { char szTmp[64]; std::string msg = stBuf.substr(15,26); // item_award의 id범위? TPacketDeleteAwardID p; p.dwID = (DWORD)(atoi(msg.c_str())); snprintf(szTmp,sizeof(szTmp),"Sent to DB cache to delete ItemAward, id: %d",p.dwID); //sys_log(0,"%d",p.dwID); // strlcpy(p.login, msg.c_str(), sizeof(p.login)); db_clientdesc->DBPacket(HEADER_GD_DELETE_AWARDID, 0, &p, sizeof(p)); stResult += szTmp; }

Hi, I'm trying to set up on a FreeBSD 9.3 x64 system. I've had problems with this: As you can see here, there are no packages for any OS except 8.4 anymore. I solved it by doing this: setenv PACKAGESITE ftp://ftp.tw.freebsd.org/pub/releases/amd64/amd64/9.0-RELEASE/packages/misc/ pkg_add -r compat7x-amd64-7.3.703000.201008_19.0 was the only available source I could find, but it worked fine on 9.3, so I guess that's ok then.Before installing compat7x-amd64 I got "elf_load_section: truncated ELF file", afterwards this error disappeared. I downloaded the library files linked to in the 1st post, dropped them into /usr/lib32 and gave them the same rights like the other libraries in this direcotry have. After executing the start.sh I get the typical "Shared object has no run-time symbol table" error message. But since I put the libraries in place that can't be the problem. I'm starting to wonder if the game files I use are corrupt.. Do you have any advice for me? Edit: I now converted the original Mcncc.com Metin2.vhd to vmdk and loaded it in VMWare. Configured some stuff and tried it. First time I got "Can not get public IP address". Downloaded game file, changed 192.168 to 111.111, uploaded it, started it again, now I get the "Shared object has no run-time symbol table", too. WTF