[cod] SecurityFocus

Ian mu mu.llamas at gmail.com
Thu Feb 17 18:43:47 EST 2005 

Hiya Jay,  no I can't explain it specifically as that limit (and why
probably that limit didn't work for one server, although I couldnt
find anything else to cut back on in the config), except I'm guessing
with it being a buffer problem, it may be a case of cut down as much
as possible, and that just happens to be one of the longer ones. I
basically started off with a zero'd config just having base
map/essentials and noticed it didnt crash. Full server config it did.
So then added chunks in until it crashed and then messed about
increasing some things, decreasing others. Key "seemed" to be
sv_hostname in our config, but I think there's definitely other things
coming into play, and hence why I don't think anyone can
"conclusively" say its fixed for one game. (Interestingly if you try
it on a linux cod server it will show the error in the console/screen,
just it won't crash which is I'm guessing Ryans bit, not removing the
error as its still there...but just making sure the server doesn't go
down because of it)

The interesting (sort of) thing was when I was testing I would
gradually lower the length of the var. Longer ones it would totally
crash, the closer to 16 I got if you were in a console/screen with the
server, you would see it reporting the error but not crash, then it
would eventually fall over. I believe the test program increases the
packetsize (not sure if thats it or what it requests?) and in the
readme says the patch limits it to 767 bytes by default as the fix.
I'm just wondering if for the patch to work properly you can only have
767 bytes of info in total or something, and it just so happens that
in some of our configs we're just over that, and that 16 byte figure
that worked on the hostname if cut back on some other vars as well
would give more.

Not sure if that makes sense, haven't had time to do more testing
today, but I'm wondering if there may be some workaround like changing
the value in the patch to lower it further than 767 for some
games/mods (mentions it for one game).

If I find anything more conclusive will feedback.

More information about the Cod mailing list