ASk
Posted April 12, 2005

There's a buffer overflow in G_Printf [local buffer of 1024 bytes, which can be overflowed] that allows a person to execute arbitrary shellcode, and/or crash the server.

Exploitable by any person connected to a server and having access to /say or /tell.

Perhaps that should be fixed.
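The bug class described in the post above, shown from the fixing side as an added example that is not part of the original thread or the game's source: a print wrapper that formats into a 1024-byte local buffer with a bounded call and reports truncation. The names `safe_printf`, `sink_print`, `last_line` and `PRINT_BUF` are hypothetical, and the oversized chat text is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define PRINT_BUF 1024 /* local buffer size named in the post */

/* Hypothetical stand-in for the engine's print call: keeps the last line. */
static char last_line[PRINT_BUF];
static void sink_print(const char *s) {
    snprintf(last_line, sizeof last_line, "%s", s);
}

/*
 * Bounded G_Printf-style wrapper (hypothetical name, not the game's code).
 * The unsafe pattern is vsprintf(buf, fmt, ap) into the 1024-byte local:
 * long chat text expanded through "%s" is written past the end of buf.
 * C99 vsnprintf writes at most sizeof buf bytes and always terminates.
 * Returns 1 if output was truncated, 0 if it fit, -1 on a format error.
 */
int safe_printf(const char *fmt, ...) {
    char buf[PRINT_BUF];
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    sink_print(buf);
    return n >= (int)sizeof buf;
}

int main(void) {
    char chat[4096]; /* constructed oversized chat text */
    int t;

    memset(chat, 'A', sizeof chat - 1);
    chat[sizeof chat - 1] = '\0';
    t = safe_printf("say: %s\n", "hello");
    printf("short: truncated=%d\n", t);
    t = safe_printf("say: %s\n", chat);
    printf("long: truncated=%d, kept %zu bytes\n", t, strlen(last_line));
    return 0;
}
```

Bounding the formatter itself covers every caller, so a length check at one call site is a complement to it rather than a replacement.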
Tinny
Posted April 12, 2005

I think Slider has an external patch of this or something in his newest release of JA+.
stubert
Posted April 24, 2005

Are you really worried about the JK gaming community knowing what an exploit is?
Wudan
Posted May 5, 2005

It's not the people who don't know what an exploit is he's worried about, it's the people who do.

This is a significant problem, and there are more than enough Linux hosts who should be worried about this.
ensiform
Posted May 21, 2005

For g_syscalls.c:

```c
void trap_SendServerCommand( int clientNum, const char *text ) {
	// CHRUKER: b001 - Oversize server commands
	// rain - hack - commands over 1022 chars will crash the
	// client upon receipt, so ignore them
	if( strlen( text ) > 1022 ) {
		G_LogPrintf( "trap_SendServerCommand( %d, ... ) length exceeds 1022.\n", clientNum );
		G_LogPrintf( "text [%s]\n", text );
		// -- reyalP G_LogPrintf is limited to 1024, so the above will be truncated and
		// next log message will be on the same line
		G_LogPrintf( "]... truncated\n" );
		return;
	}
	syscall( G_SEND_SERVER_COMMAND, clientNum, text );
}
```
Tinny
Posted May 21, 2005

Thanks Ensi.
razorace
Posted May 26, 2005

Thanks for the heads up guys.
Archived
This topic is now archived and is closed to further replies.