[cod] SecurityFocus

Matthew Keen Tali at heavenly-existance.net
Thu Feb 17 19:09:26 EST 2005


The 767 bytes is actually how much data is sent to the server, after the 
info request string, so it's in no way to do with how much data comes 
back from the server.

The test ranges between 750 -> just over 2000 bytes that it sends with 
the info string (in total) to try and overflow the server with excess 
data (which it was successfully doing on SoF2 servers without the patch, 
and tries to do to CoD servers which is a 50/50 chance.)

It's a good thought though, Ian, and thanks for sharing your 
testing/fiddling experience with us, maybe it will give some other 
people some insight into what is really going wrong.

P.S. 757 bytes is equal to 95 characters :) So I highly doubt you'd fit a 
config into that size

Ian mu wrote:

>and in the
>readme says the patch limits it to 767 bytes by default as the fix.
>I'm just wondering if for the patch to work properly you can only have
>767 bytes of info in total or something, and it just so happens that
>in some of our configs we're just over that, and that 16 byte figure
>that worked on the hostname if cut back on some other vars as well
>would give more.
>
>Not sure if that makes sense, haven't had time to do more testing
>today, but I'm wondering if there may be some workaround like changing
>the value in the patch to lower it further than 767 for some
>games/mods (mentions it for one game).
>
>If I find anything more conclusive will feedback.
>  
>



