[cod] SecurityFocus

Ian mu mu.llamas at gmail.com
Thu Feb 17 19:42:54 EST 2005


Hiya again, just tested on a Linux cod server (which doesn't crash,
but you can see this error screaming at you until you stop it...), but
for some reason it does seem to pluck out hostname even on cod, just
it doesn't crash it as mentioned earlier. So maybe it's something like
the long packet sent fills the buffer then it can't fit the hostname
in, which is the first biggest var it hits (not convinced)? So the test
is "stepping up" and it will always first find the biggest var, which
is typically hostname, and maybe < 16 just keeps it within the buffer
limits (waffling out loud, don't know enough about it)?

Btw, re the configs, I'm guessing it's the values that are returned in
a server status query, i.e. the bits you see in ASE/Gspy etc.? I.e. the key
may even be fine, but it's the value which is the problem, and most
values in configs are single digit numbers. So whilst some configs may
be huge, much of it is never returned in a query. Again just guesswork
really. But below when tested cod, it's interesting it starts reporting
errors, cutting more and more out that it can return.

We did actually use to get this error for a couple of years randomly
in all Q3 engine games. Just random crashes (I'm fairly sure this
wasn't an exploit in those days), where the definite fix we used to do
was to reduce all the sets admin "email" etc. commands which were too
long, which would stop all crashing.


