[mohaa] MOHAA linux server with potential exploit fix.
Steven Hartland
killing at multiplay.co.uk
Thu Jul 22 06:55:56 EDT 2004
Does this also include the other crash fix?
I've lost my link to the details but the diff shows:
[diff]
diff -a fgameded.so fgameded.so.orig
5793c5793
< Bad hash code value: %scurrent thread is NULLNULL_Legs.st_Torso.stPAINxnnlontznlod_yawlod_pitchlod_rolllod_angleslod_discardMust
specify a model namelod_tikiname1dtizlqpsError in model '%s', LOD model not spawned.cg_drawviewmodel 0
---
> Bad hash code value: %scurrent thread is NULLNULL_Legs.st_Torso.stPAINlod_spawnlod_yawlod_pitchlod_rolllod_angleslod_discardMust
specify a model namelod_tikiname1lod_toolError in model '%s', LOD model not spawned.cg_drawviewmodel 0
[/diff]
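Review bot: in the single hunk `5793c5793`, the `<` side (fgameded.so) differs from fgameded.so.orig only in two names in this string run, `lod_spawn` overwritten with `xnnlontzn` and `lod_tool` with `dtizlqps`, each the same length as the name it replaces, and a line-mode `diff -a` on a binary gives neither byte offsets nor any way to identify which build is which. Suggest posting `cmp -l fgameded.so fgameded.so.orig` output and a checksum of each file next to it, and saying in the message that the visible change is an in-place rename of these two strings with no other line of the file differing, so admins can check whether a given fgameded.so carries it.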
[diff hex]
diff -a fgameded.so fgameded.so.orig | hexdump -C
00000000 35 37 39 33 63 35 37 39 33 0a 3c 20 00 42 61 64 |5793c5793.< .Bad|
00000010 20 68 61 73 68 20 63 6f 64 65 20 76 61 6c 75 65 | hash code value|
00000020 3a 20 25 73 00 63 75 72 72 65 6e 74 20 74 68 72 |: %s.current thr|
00000030 65 61 64 20 69 73 20 4e 55 4c 4c 00 4e 55 4c 4c |ead is NULL.NULL|
00000040 00 5f 4c 65 67 73 2e 73 74 00 5f 54 6f 72 73 6f |._Legs.st._Torso|
00000050 2e 73 74 00 50 41 49 4e 00 78 6e 6e 6c 6f 6e 74 |.st.PAIN.xnnlont|
00000060 7a 6e 00 6c 6f 64 5f 79 61 77 00 6c 6f 64 5f 70 |zn.lod_yaw.lod_p|
00000070 69 74 63 68 00 6c 6f 64 5f 72 6f 6c 6c 00 6c 6f |itch.lod_roll.lo|
00000080 64 5f 61 6e 67 6c 65 73 00 6c 6f 64 5f 64 69 73 |d_angles.lod_dis|
00000090 63 61 72 64 00 4d 75 73 74 20 73 70 65 63 69 66 |card.Must specif|
000000a0 79 20 61 20 6d 6f 64 65 6c 20 6e 61 6d 65 00 6c |y a model name.l|
000000b0 6f 64 5f 74 69 6b 69 6e 61 6d 65 00 31 00 64 74 |od_tikiname.1.dt|
000000c0 69 7a 6c 71 70 73 00 00 00 00 00 00 00 00 00 00 |izlqps..........|
000000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000e0 00 00 00 00 00 00 45 72 72 6f 72 20 69 6e 20 6d |......Error in m|
000000f0 6f 64 65 6c 20 27 25 73 27 2c 20 4c 4f 44 20 6d |odel '%s', LOD m|
00000100 6f 64 65 6c 20 6e 6f 74 20 73 70 61 77 6e 65 64 |odel not spawned|
00000110 2e 00 63 67 5f 64 72 61 77 76 69 65 77 6d 6f 64 |..cg_drawviewmod|
00000120 65 6c 20 30 0a 2d 2d 2d 0a 3e 20 00 42 61 64 20 |el 0.---.> .Bad |
00000130 68 61 73 68 20 63 6f 64 65 20 76 61 6c 75 65 3a |hash code value:|
00000140 20 25 73 00 63 75 72 72 65 6e 74 20 74 68 72 65 | %s.current thre|
00000150 61 64 20 69 73 20 4e 55 4c 4c 00 4e 55 4c 4c 00 |ad is NULL.NULL.|
00000160 5f 4c 65 67 73 2e 73 74 00 5f 54 6f 72 73 6f 2e |_Legs.st._Torso.|
00000170 73 74 00 50 41 49 4e 00 6c 6f 64 5f 73 70 61 77 |st.PAIN.lod_spaw|
00000180 6e 00 6c 6f 64 5f 79 61 77 00 6c 6f 64 5f 70 69 |n.lod_yaw.lod_pi|
00000190 74 63 68 00 6c 6f 64 5f 72 6f 6c 6c 00 6c 6f 64 |tch.lod_roll.lod|
000001a0 5f 61 6e 67 6c 65 73 00 6c 6f 64 5f 64 69 73 63 |_angles.lod_disc|
000001b0 61 72 64 00 4d 75 73 74 20 73 70 65 63 69 66 79 |ard.Must specify|
000001c0 20 61 20 6d 6f 64 65 6c 20 6e 61 6d 65 00 6c 6f | a model name.lo|
000001d0 64 5f 74 69 6b 69 6e 61 6d 65 00 31 00 6c 6f 64 |d_tikiname.1.lod|
000001e0 5f 74 6f 6f 6c 00 00 00 00 00 00 00 00 00 00 00 |_tool...........|
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000200 00 00 00 00 00 45 72 72 6f 72 20 69 6e 20 6d 6f |.....Error in mo|
00000210 64 65 6c 20 27 25 73 27 2c 20 4c 4f 44 20 6d 6f |del '%s', LOD mo|
00000220 64 65 6c 20 6e 6f 74 20 73 70 61 77 6e 65 64 2e |del not spawned.|
00000230 00 63 67 5f 64 72 61 77 76 69 65 77 6d 6f 64 65 |.cg_drawviewmode|
00000240 6c 20 30 0a |l 0.|
[/diff hex]
----- Original Message -----
From: "Ryan C. Gordon" <icculus at clutteredmind.org>
To: <mohaa at icculus.org>
Sent: Thursday, July 22, 2004 5:28 AM
Subject: [mohaa] MOHAA linux server with potential exploit fix.
>
> Ok, I looked into the MOHAA buffer overflow, and I _think_ that I have a
> fix. I say "think" because I'm screwing with this from a hotel room
> over ssh and don't have a MOHAA client installed to test locally, or
> even MOHAA installed remotely to make sure the server will even start up.
>
> In short, please consider this to be an extremely unstable beta until
> proven otherwise.
>
> http://icculus.org/betas/mohaa/mohaa-lnxded-07222004.tar.bz2
>
> Download, unpack, replace mohaa_lnxded and fgameded.so in your server
> installation.
>
> Please note that this build was built with gcc3, and will need an
> external support library. Explanation of what to do if you get an error
> about "libstdc++" or something instead of a running server is here:
>
> https://bugzilla.icculus.org/show_bug.cgi?id=1801
>
> If someone can confirm that this build does indeed close the exploit and
> doesn't generally suck, I'll do the same for Spearhead, too.
>
> Thanks,
> --ryan.