[mohaa] Latest mohaa_lnxded binaries - bufferoverflow not fixed?

Richard Harrison richardnharrison at btinternet.com
Tue Aug 10 04:19:40 EDT 2004 

I think ryan mentioned this before and said that it would be very difficult to do due to the way that cd-key authentication works.
 
i.e. a person has to connect to validate a key.

I could be way off but i seem to recall that.
 
Richard.

The Guvnor <guvnor at evildictators.com> wrote:
Ive found out how people do this, and so far, there is nothing that can 
stop this.

Ryan, I will email you the dos program they used to do this so you can look 
at how to patch the current binaries against this.

ps. please make it 64bit compatible.



Kim














++++++++++++++++++++++++++++++++++++++++++
Hi ryan et all,

im a little confused as to how the latest mohaa binaries fix the buffer 
overflow problem. Players are still able to occupy the server slots with 
fake names using the same ip all in the same minute. Look at the below:

8th aug 04
21:18:14 Iamafake/81.156.111.91 has logged on to play
21:18:14 fakeplayer/81.156.111.91 has logged on to play
21:20:40 Iamafake/81.156.111.91 has logged on to play
21:20:40 fakeplayer/81.156.111.91 has logged on to play
21:20:41 cantseeme/81.156.111.91 has logged on to play

9th aug 04
16:01:47 Iamafake/81.156.165.154 has logged on to play
16:01:48 fakeplayer/81.156.165.154 has logged on to play
16:01:48 cantseeme/81.156.165.154 has logged on to play
16:01:49 dontkickme/81.156.165.154 has logged on to play
16:01:49 Iamhere/81.156.165.154 has logged on to play
16:01:49 wearealot/81.156.165.154 has logged on to play
16:01:50 kickme/81.156.165.154 has logged on to play
16:01:57 fake/81.156.165.154 has logged on to play
16:01:57 whoamI/81.156.165.154 has logged on to play
16:01:58 whatamI/81.156.165.154 has logged on to play
16:01:59 whatImustdo/81.156.165.154 has logged on to play
16:02:00 Ihate/81.156.165.154 has logged on to play
16:02:00 whoIhate/81.156.165.154 has logged on to play
16:02:01 whatIhate/81.156.165.154 has logged on to play
16:02:01 whyIhate/81.156.165.154 has logged on to play
16:03:54 isthisaPoC/81.156.165.154 has logged on to play

Is the latest binaries supposed to be able to 'stop' the problem or just 
'limit it' somehow? Whatever it is, the latest binaries dont seem to be 
stopping the problem, some servers have only have 12 players maximum and it 
takes just one goofball to take it out. The posted CI logs above are for a 
server that has the latest mohaa linux binaries.


Kim


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/mohaa/attachments/20040810/5df8af32/attachment.htm>

More information about the Mohaa mailing list