lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <00cb01c57e81$7e360e80$0505a8c0@Slawek>
Date: Sat Jul  2 14:56:31 2005
From: sgp at telsatgp.com.pl (Slawek)
Subject: Re: In-game /ignore crash in Soldier of Fortune
	II 1.03

Hello!
In message to <bugtraq@...urityfocus.com>; <bugs@...uritytracker.com>; 
<news@...uriteam.com>; <full-disclosure@...ts.grok.org.uk>; 
<vuln@...unia.com> sent Wed, 29 Jun 2005 20:32:51 +0000 you wrote:


 LA> #######################################################################

 LA>                              Luigi Auriemma

 LA> Application:  Soldier of Fortune II
 LA>               http://sof2.ravensoft.com
 LA> Versions:     1.02x and 1.03
 LA> Platforms:    Windows, Linux and Mac
 LA> Bug:          bad memory access
 LA> Exploitation: remote, versus server (in-game)
 LA> Date:         29 Jun 2005
 LA> Author:       unknown, found in the wild and reported to me by two
 LA>               admins
 LA> Advisory:     Luigi Auriemma
 LA>               e-mail: aluigi@...istici.org
 LA>               web:    http://aluigi.altervista.org

[...]

 LA> ======
 LA> 4) Fix
 LA> ======

 LA> The game is no longer supported so there is no official fix.

 LA> The correct way for removing the problem is patching the bug into the
 LA> latest SDK available for the game (1.02 + 1.03) and recompiling it.
 LA> The patch consists in the adding of the following instruction in
 LA> g_cmds.c after "ignoree = atoi( buffer );" at line 1962:

 LA>   if(ignoree > MAX_GENTITIES) return;

I'm afraid it's not enough.

Unfortunatelly ignoree is declared "int" so you should test for negative 
values as well.
Also used table is MAX_GENTITIES long, so ignoree being equal MAX_GENTITIES 
is invalid.

Correct test should rather look like this:

if ((ignoree < 0) || (ignoree >= MAX_GENTITIES)) return;



------------------------------------------ 
Slawomir Piotrowski / Telsat GP
Rejestracja Czasu Pracy i Kontrola Dostepu
http://www.ewidencja-czasu-pracy.pl
------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ