JA Dedicated Server Unofficial Patch for Vulnerability Exploit


Slider744
03-25-2005, 02:58 PM
http://www.pcgamemods.com/11166/


***************************************************
SECURITY ISSUE for QUAKE3 Engine
UNOFFICIAL PATCH for JEDI ACADEMY Dedicated raven server 1.01
***************************************************

linuxjampded and jampDed.exe patched by slider using the FIX patch released by Luigi Auriemma

This patch corrects the large UDP server overflow exploit that can crash Jedi academy servers.


******************
FOR WINDOWS :
******************
jampDed.exe is the FIXED raven dedicated server for Jedi Academy 1.01

*****************
For LINUX
*****************
linuxjampded is the FIXED raven dedicated server for Jedi Academy 1.01


**************
INSTALLATION
**************
just replace linuxjampded or jampDed.exe in your jedi academy game by the files provided here








PS: use at your own risk



moreover I was thinking about a patch for jedi academy for the dedicated server that requires just a recompilation of the sources, which I don't have....
the file to be patched is q_shared.c...
this file is also compiled in the dedicated server of raven...

the patch I made is the following: Raven could probably find a more clever solution as they have the whole source engine....
it is not worth patching your jampgame dll using this code change because this part of the code must be patched in the files used to compile the dedicated server


extract from my q_shared.c

void Info_SetValueForKey( char *s, const char *key, const char *value ) {
    char newi[MAX_INFO_STRING];

    if ( strlen( s ) >= MAX_INFO_STRING ) {
        //MODIFICATION fix the UDP large request exploit in Quake3 engine ===> GRRRRR it is hard coded in server of raven.... so I can't fix it in the mod
        // must be fixed by raven or by a fix by hacking the server
        // truncate the oversize infostring in place instead of dropping with an error
        *(s + MAX_INFO_STRING - 1) = 0;
    }

    //not needed but ......
    if ( strlen( s ) >= MAX_INFO_STRING ) {
        Com_Error( ERR_DROP, "Info_SetValueForKey: oversize infostring" );
    }

    if (strchr (key, '\\') || strchr (value, '\\'))
    {
        Com_Printf ("Can't use keys or values with a \\\n");
        return;
    }

    if (strchr (key, ';') || strchr (value, ';'))
    {
        Com_Printf ("Can't use keys or values with a semicolon\n");
        return;
    }

    if (strchr (key, '\"') || strchr (value, '\"'))
    {
        Com_Printf ("Can't use keys or values with a \"\n");
        return;
    }

    Info_RemoveKey (s, key);
    if (!value || !strlen(value))
        return;

    Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value);

    // >= (not >): a combined length of exactly MAX_INFO_STRING would leave
    // no room in newi for the terminating NUL written by strcat
    if (strlen(newi) + strlen(s) >= MAX_INFO_STRING)
    {
        Com_Printf ("Info string length exceeded \n");
        return;
    }

    strcat (newi, s);
    strcpy (s, newi);
}
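Added example (not Slider744's or Raven's code): a standalone C version of the same guard that compiles without the engine, so the truncate-instead-of-drop behaviour and the exact-fit boundary can be tested in isolation. The names `info_set_value`, `info_remove_key` and `enum info_rc`, the value 1024 for `MAX_INFO_STRING`, and the requirement that the caller's buffer holds at least `MAX_INFO_STRING` bytes are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#define MAX_INFO_STRING 1024  /* name from the post; value assumed here */
enum info_rc { INFO_OK, INFO_TRUNCATED, INFO_BAD_CHAR, INFO_TOO_LONG };

/* Simplified stand-in for Info_RemoveKey: drop the first "\key\value" pair. */
static void info_remove_key(char *s, const char *key) {
    size_t klen = strlen(key);
    char *p = s;
    while (*p == '\\') {
        char *k = p + 1;
        char *v = strchr(k, '\\');
        if (!v) return;                      /* malformed tail: stop */
        char *end = strchr(v + 1, '\\');
        if (!end) end = v + strlen(v);
        if ((size_t)(v - k) == klen && memcmp(k, key, klen) == 0) {
            memmove(p, end, strlen(end) + 1);
            return;
        }
        p = end;
    }
}

/* Assumption: s points to a buffer of at least MAX_INFO_STRING bytes. */
enum info_rc info_set_value(char *s, const char *key, const char *value) {
    char newi[MAX_INFO_STRING];
    enum info_rc rc = INFO_OK;
    if (!key || !value) return INFO_BAD_CHAR;   /* check before dereferencing */
    if (!memchr(s, '\0', MAX_INFO_STRING)) {    /* bounded scan, unlike strlen */
        s[MAX_INFO_STRING - 1] = '\0';          /* truncate instead of aborting */
        rc = INFO_TRUNCATED;
    }
    if (strpbrk(key, "\\;\"") || strpbrk(value, "\\;\"")) return INFO_BAD_CHAR;
    info_remove_key(s, key);
    if (!*value) return rc;                     /* empty value only removes the key */
    int n = snprintf(newi, sizeof newi, "\\%s\\%s", key, value);
    size_t slen = strlen(s);
    /* >= rejects the exact-fit case that would leave no room for the NUL. */
    if (n < 0 || (size_t)n >= sizeof newi || (size_t)n + slen >= MAX_INFO_STRING)
        return INFO_TOO_LONG;
    memmove(s + n, s, slen + 1);                /* prepend, like the original */
    memcpy(s, newi, (size_t)n);
    return rc;
}

int main(void) {                                /* constructed sample input */
    char b[MAX_INFO_STRING] = "";
    return info_set_value(b, "hostname", "demo") == INFO_OK && puts(b) >= 0 ? 0 : 1;
}
```
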

Kurgan
03-25-2005, 06:28 PM
Nice job! If this is as useful as you say, other authors should incorporate this into their server side mods.

Slider744
03-25-2005, 06:45 PM
I will not incorporate it in the ja+

this fix is more general than a mod

it is the patch of the main dedicated server program

it should be installed by server providers and not by customers

Amidala from Chop Shop
03-26-2005, 01:38 AM
A patched version of the Linux dedicated server to fix this exploit was made available to all customers of http://www.escapedturkey.com back on Feb. 18

http://www.escapedturkey.com/forums/viewtopic.php?t=2034
http://www.escapedturkey.com/forums/viewtopic.php?t=2033

Slider744
03-26-2005, 05:15 AM
yes I know some server operators already provide such a patch...

but too few are aware of the problem...
I wanted to give the windows patch and linux patch in the same ZIP and give a boost thanks to pcgmods and lucasforums and jK3files....

most customers don't install the patch...
most of them don't even know how to do it...

that is why I think server operators should install it and not wait for customers to do it on their own...

I contacted http://www.mammothgames.com/ which are currently testing the patch I made on 2 servers... before massively updating all their JKA servers