It appears as if the Armagetron Advanced developers know about this problem and have made a patch. I logged into their forum and did a search for security, and found this:
http://guru3.sytes.net/viewtopic.php?t=1641&highlight=security The patch that apparantly fixes this problem is attached (and is fixed in the upstream's CVS so that 0.2.7.1 and above are fixed). Micah
diff -r -U 2 armagetronad-source-0.2.7.0/src/network/nNetwork.cpp
armagetronad-source-0.2.7.0-security/src/network/nNetwork.cpp
--- armagetronad-source-0.2.7.0/src/network/nNetwork.cpp 2004-06-18
05:52:50.000000000 +0200
+++ armagetronad-source-0.2.7.0-security/src/network/nNetwork.cpp
2005-02-15 22:39:58.902437264 +0100
@@ -447,4 +447,8 @@
try{
#endif
+ // ignore out of range descriptors ( Thanks Luigi Auriemma )
+ if ( message.descriptor >= MAXDESCRIPTORS )
+ return;
+
nDescriptor *nd=descriptors[message.descriptor];
if (nd){
@@ -1580,4 +1584,9 @@
unsigned short claim_id=ntohs(*bend);
+
+ // ignore out of range ids ( Thanks Luigi
Auriemma )
+ if ( claim_id > MAXCLIENTS )
+ claim_id = MAXCLIENTS+1;
+
/*
std::cerr << "Received " << len << " bytes";
diff -r -U 2 armagetronad-source-0.2.7.0/src/network/net_udp.cpp
armagetronad-source-0.2.7.0-security/src/network/net_udp.cpp
--- armagetronad-source-0.2.7.0/src/network/net_udp.cpp 2004-06-04
18:20:57.000000000 +0200
+++ armagetronad-source-0.2.7.0-security/src/network/net_udp.cpp
2005-02-15 22:32:24.726482504 +0100
@@ -388,5 +388,5 @@
int ANET_CheckNewConnections (void)
{
- unsigned long available;
+ int available = -1;
if (net_acceptsocket == -1)
@@ -412,5 +412,5 @@
}
- if (available)
+ if (available >= 0 )
return net_acceptsocket;
return -1;
@@ -434,9 +434,9 @@
{
ANET_ResetSocket( sock );
- return 0;
+ return -1;
}
break;
case nSocketError_Ignore:
- return 0;
+ return -1;
break;
}
@@ -498,9 +498,9 @@
{
ANET_ResetSocket( sock );
- return 0;
+ return -1;
}
break;
case nSocketError_Ignore:
- return 0;
+ return -1;
break;
}
signature.asc
Description: Digital signature

