ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com

All times are UTC




Posted: Sat May 09, 2015 7:20 pm

Joined: Sat May 09, 2015 7:18 pm
Posts: 9
Hello, I know this is an older exploit, but I am curious as to what caused it. Was the name being sent over a specific internal string in the game, some sort of buffer overflow with the name being longer, etc.?


Posted: Sat May 09, 2015 7:37 pm
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6704
http://aluigi.org/adv/csdos.txt


Posted: Sun May 10, 2015 1:25 am

Joined: Sat May 09, 2015 7:18 pm
Posts: 9
Ah yes, I've come across similar issues getting stuck in Info_ValueForKey loops in Daikatana. Thanks! One interesting one in particular (and it may exist in Quake 2) is that if the key is longer than 64 chars (the MAX_INFO_KEY value), it is truncated and you can set null names, model names, etc. Depending on later checks in the userinfo-changed code, it can crash servers.


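The truncation behaviour described in the post above, as an added example in C that is not part of the original thread and is not code from Quake 2 or Daikatana. The `\key\value` userinfo format and the names MAX_INFO_KEY (64) and MAX_INFO_STRING (512) are taken from Quake 2's q_shared.h; the exact mechanism by which a truncated key turns into an empty name is a hypothesis modelled here (the scanner stops as soon as the 64-byte key buffer fills, so the unread tail of the key is read as its value and every later pair shifts by one slot), and both userinfo strings are constructed. Beside the truncating lookup sit a lookup that compares keys in place without a fixed buffer, and a server-side validator that rejects over-long tokens before any lookup runs:

```c
#include <stdio.h>
#include <string.h>

/* Limits as named in Quake 2's q_shared.h (the post says Daikatana shares MAX_INFO_KEY). */
#define MAX_INFO_KEY    64
#define MAX_INFO_STRING 512

static const char BENIGN[] = "\\name\\Player\\model\\male";   /* constructed, not captured */

/* Constructed userinfo whose first key is 70 chars (over MAX_INFO_KEY), followed
 * by that key's own value and then the real pairs. */
static const char *crafted_userinfo(void)
{
    static char buf[MAX_INFO_STRING];
    buf[0] = '\\';
    memset(buf + 1, 'A', 70);
    strcpy(buf + 71, "\\junk\\name\\Player\\model\\male");
    return buf;
}

/* TRUNCATING lookup: a hypothetical model of the bug class the post describes,
 * not Quake 2's or Daikatana's code. The key buffer is MAX_INFO_KEY bytes and
 * scanning stops when it fills, so the unread tail of an over-long key is taken
 * as its value and every later \key\value pair shifts by one slot. */
static const char *info_value_for_key_trunc(const char *s, const char *key)
{
    static char value[MAX_INFO_STRING];
    char pkey[MAX_INFO_KEY], *o, *end;

    if (*s == '\\') s++;
    for (;;) {
        o = pkey; end = pkey + MAX_INFO_KEY - 1;
        while (*s != '\\' && o < end) {       /* exits early on a long key */
            if (!*s) return "";
            *o++ = *s++;
        }
        *o = 0;
        if (*s == '\\') s++;                  /* not taken if the buffer filled first */
        o = value; end = value + MAX_INFO_STRING - 1;
        while (*s && *s != '\\' && o < end) *o++ = *s++;
        *o = 0;
        if (strcmp(key, pkey) == 0) return value;
        if (!*s) return "";
        s++;
    }
}

/* HARDENED lookup: keys are compared in place by length, never copied into a
 * fixed buffer, so an over-long key can fail to match but cannot shift the
 * parser. NULL when the key is absent, has no value, or its value will not fit. */
static const char *info_value_for_key(const char *s, const char *key,
                                      char *out, size_t outlen)
{
    size_t klen = strlen(key), kl, vl;
    const char *k, *v;

    if (*s == '\\') s++;
    while (*s) {
        for (k = s; *s && *s != '\\'; s++) {}
        kl = (size_t)(s - k);
        if (!*s) return NULL;                 /* key without a value */
        for (v = ++s; *s && *s != '\\'; s++) {}
        vl = (size_t)(s - v);
        if (kl == klen && memcmp(k, key, klen) == 0) {
            if (vl >= outlen) return NULL;    /* refuse to truncate the value */
            memcpy(out, v, vl);
            out[vl] = 0;
            return out;
        }
        if (*s) s++;
    }
    return NULL;
}

/* Server-side acceptance check, run on the raw string before any lookup is
 * trusted: 0 if acceptable, otherwise a negative reason code. */
static int userinfo_validate(const char *s)
{
    const char *start = s, *tok;
    char name[MAX_INFO_KEY];
    size_t ntok = 0;

    if (strlen(s) >= MAX_INFO_STRING) return -1;
    if (*s == '\\') s++;
    for (;;) {
        for (tok = s; *s && *s != '\\'; s++)
            if (*s == ';' || *s == '"') return -2;          /* breaks the separator grammar */
        if ((size_t)(s - tok) >= MAX_INFO_KEY) return -3;  /* token would be truncated */
        if (s == tok && ntok % 2 == 0) return -4;          /* empty key */
        ntok++;
        if (!*s) break;
        s++;
    }
    if (ntok % 2) return -5;                                /* key with no value */
    if (!info_value_for_key(start, "name", name, sizeof name) || !name[0]) return -6;
    return 0;
}

int main(void)
{
    char buf[MAX_INFO_STRING];
    const char *crafted = crafted_userinfo();
    printf("truncating, benign : name=\"%s\"\n", info_value_for_key_trunc(BENIGN, "name"));
    printf("truncating, crafted: name=\"%s\"\n", info_value_for_key_trunc(crafted, "name"));
    printf("hardened,   crafted: name=\"%s\"\n", info_value_for_key(crafted, "name", buf, sizeof buf));
    printf("validate(crafted)  = %d\n", userinfo_validate(crafted));
    return 0;
}
```

Build with any C compiler and run: the crafted string yields an empty name from the truncating parser and `Player` from the hardened one, and the validator rejects it with -3 before any lookup is consulted. The point for a server is that the 64-character limit a client's own Info_SetValueForKey enforces is not a defence; the server receives the raw userinfo string from the network and has to re-check it itself.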
Posted: Sun May 10, 2015 4:04 pm
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6704
Eh, the good old times :)


Posted: Sun May 10, 2015 7:04 pm

Joined: Sat May 09, 2015 7:18 pm
Posts: 9
In the Daikatana 1.3 project I've been working on with a few other people, your tools have been great at finding potential flaws like this.

