[mohaa] MOHAA linux server with potential exploit fix.

Steven Hartland killing at multiplay.co.uk
Thu Jul 22 06:55:56 EDT 2004


Does this also include the other crash fix?
I've lost my link to the details but the diff shows:
[diff]
diff -a fgameded.so fgameded.so.orig
5793c5793
< Bad hash code value: %scurrent thread is NULLNULL_Legs.st_Torso.stPAINxnnlontznlod_yawlod_pitchlod_rolllod_angleslod_discardMust
specify a model namelod_tikiname1dtizlqpsError in model '%s', LOD model not spawned.cg_drawviewmodel 0
---
> Bad hash code value: %scurrent thread is NULLNULL_Legs.st_Torso.stPAINlod_spawnlod_yawlod_pitchlod_rolllod_angleslod_discardMust
specify a model namelod_tikiname1lod_toolError in model '%s', LOD model not spawned.cg_drawviewmodel 0
[/diff]
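Review bot: on line 5793 the `<` side (fgameded.so, named first on the command line) differs from the `>` side (fgameded.so.orig) only in two strings: `lod_spawn` reads `xnnlontzn` and `lod_tool` reads `dtizlqps`, each the same length as the name it replaces. That is two names overwritten in the string data with no other differing line listed, so this output alone does not show whether anything else about those two entries changed. Because `diff -a` compares newline-delimited lines of a binary, a byte-level listing such as `cmp -l fgameded.so fgameded.so.orig` would give the exact offsets and confirm that nothing else differs.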

----- Original Message ----- 
From: "Ryan C. Gordon" <icculus at clutteredmind.org>
To: <mohaa at icculus.org>
Sent: Thursday, July 22, 2004 5:28 AM
Subject: [mohaa] MOHAA linux server with potential exploit fix.


>
> Ok, I looked into the MOHAA buffer overflow, and I _think_ that I have a
> fix. I say "think" because I'm screwing with this from a hotel room
> over ssh and don't have a MOHAA client installed to test locally, or
> even MOHAA installed remotely to make sure the server will even start up.
>
> In short, please consider this to be an extremely unstable beta until
> proven otherwise.
>
>     http://icculus.org/betas/mohaa/mohaa-lnxded-07222004.tar.bz2
>
> Download, unpack, replace mohaa_lnxded and fgameded.so in your server
> installation.
>
> Please note that this build was built with gcc3, and will need an
> external support library. Explanation of what to do if you get an error
> about "libstdc++" or something instead of a running server is here:
>
>     https://bugzilla.icculus.org/show_bug.cgi?id=1801
>
> If someone can confirm that this build does indeed close the exploit and
> doesn't generally suck, I'll do the same for Spearhead, too.
>
> Thanks,
> --ryan.