Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
Forum locked: this topic is locked, you cannot edit posts or make further replies. [ 36 posts ] Page 2 of 2
 Post subject: hmm
PostPosted: 07 Aug 2008 06:15 

Joined: 29 Jun 2008 21:11
Posts: 28
I tried just bitterman/red (as it's the same as sarge/default in letters) and I did change to sarge, but it was a red sarge. I have one more I want to try. I will try to somehow use a skin, then change it to sarge/default but delete my red/blue sarge model beforehand. Last time I tried it kicked me off the server because someone else had that skin, so I would probably have to find the memory location for sarge or somehow tell it that sarge/red and blue is another skin.

What I really need is a way to tell the server that I'm using the default and it's OK. It needs to tell the other players "hey, this player is using sarge/default and that's OK, but you guys have to use red and blue." I was thinking the sarge''''''''''''''''''''''''''''' and sarge@@@@@@@@@@@@@@@@@ come in handy because it is just enough to put it to where it can't tell if it's red or blue and maybe it forces default.


 Post subject: hmm
PostPosted: 11 Aug 2008 02:32 

Joined: 29 Jun 2008 21:11
Posts: 28
Just saw him today under the name unknownplayer... here's a picture:
(The model name, if you can't see it, is Artitmis). I also have a video looking at his model if anyone wants to see it. Also, Google returned no results for Artitmis.


Attachment: artitmis.jpg
 Post subject:
PostPosted: 11 Aug 2008 06:22 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
Maybe I'm overlooking something, but it seems he changed the model (in memory) so the server tries to give him that model but can't.


 Post subject:
PostPosted: 11 Aug 2008 15:21 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
In what version did PunkBuster start to become integrated? Was it only v1.32?


 Post subject:
PostPosted: 11 Aug 2008 17:36 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Yes, exactly from 1.32.


 Post subject: Re: Never before seen q3 1.16 hack..
PostPosted: 10 Jun 2009 15:49 

Joined: 29 Jun 2008 21:11
Posts: 28
Long time from when I originally posted this... but maybe Luigi (or someone) can help me out a bit.

I've done a little more research today...

First, here's snd_dma.c: http://gongo.quakedev.com/src/ogg/code/snd_dma.c

in that file is the qpath variable

Code:
if ( strlen( name ) >= MAX_QPATH ) {
   Com_Printf( "Sound name exceeds MAX_QPATH\n" );
   return 0;
}


I've read that:

Quote:
    Quote:
        Quote:
            Originally Posted by _Mace_
            "sound name exceeds MAX_QPATH"

        Helps if you read the error.

    That's simple - the filepath to the sound is too long. I believe it's 64 characters max. The filepath includes the filename, file extension, and whatever folders are in the way.

    You just need to shorten the filepath to less than 64 characters, and it should work fine.


So that explains the "88 into 64" part: the whole path was 88 characters, over the 64 (with all the added @@@'s).

Now as for the Com_sprintf (the other part of the bug), I've read:

Quote:
The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers (possibly authenticated) to cause a denial of service (application crash) via a long skin, weapon, or model name.



Quake 3 Arena uses the same one.

q_shared.c is found here: http://svn.jansson.be/foreign/quake/q3/ ... q_shared.c

In it, it has:

Code:
void QDECL Com_sprintf( char *dest, int size, const char *fmt, ...) {
   int      len;
   va_list  argptr;
   char     bigbuffer[32000];   // big, but small enough to fit in PPC stack

   va_start (argptr,fmt);
   len = vsprintf (bigbuffer,fmt,argptr);   // unbounded format into the scratch buffer
   va_end (argptr);
   if ( len >= sizeof( bigbuffer ) ) {
      Com_Error( ERR_FATAL, "Com_sprintf: overflowed bigbuffer" );
   }
   if (len >= size) {
      // the result does not fit dest: this is the "overflow of 88 in 64" message
      Com_Printf ("Com_sprintf: overflow of %i in %i\n", len, size);
   }
   // remainder of the function in q_shared.c: bounded copy into dest
   Q_strncpyz (dest, bigbuffer, size );
}


com_printf is defined as:

Code:
Com_sprintf( path, maxSize, "%s%s", oldPath, extension );



What do you think? From what it said about Alien Arena Gold 2006, that file does not properly NULL terminate certain long strings, which can cause a denial of service (application crash) via a long skin, weapon, or model name (which is what I originally reported: the long model name).


 
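The post above quotes two pieces of the engine: the MAX_QPATH length check and the bounded Com_sprintf that reports "overflow of 88 in 64". The following is an added C example written for this page; it is not the id Software code, not Alien Arena's code, and not part of the original post. It re-implements the same pattern so the two failure modes can be watched side by side: a version whose final copy NUL-terminates the truncated result (the job Q_strncpyz does in q_shared.c), and a constructed variant whose final copy is a plain strncpy, which is the defect class the quoted advisory describes. The input is constructed in the shape of the Com_sprintf( path, maxSize, "%s%s", oldPath, extension ) call from the post: "models/players/" plus a model name "sarge" padded with '@' to 60 characters, plus "/default" and ".skin", 88 characters in total. The MAX_QPATH value of 64 is taken from Quake 3's q_shared.h; the function and struct names are mine.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MAX_QPATH      64      /* Quake 3 path limit, the same bound as the MAX_QPATH check */
#define BIGBUFFER_SIZE 32000   /* scratch size used by the quoted Com_sprintf */

/* Incremented each time a formatted result does not fit its destination. */
static int overflow_count = 0;

/* Formats into a scratch buffer, reports an oversize result, then copies the
 * (possibly truncated) string into dest and always NUL-terminates it, the
 * way Q_strncpyz does. Returns the untruncated length, or -1 if even the
 * scratch buffer is too small (the quoted code calls Com_Error there). */
int demo_sprintf(char *dest, int size, const char *fmt, ...)
{
    char bigbuffer[BIGBUFFER_SIZE];
    va_list argptr;
    int len;

    va_start(argptr, fmt);
    len = vsnprintf(bigbuffer, sizeof bigbuffer, fmt, argptr);
    va_end(argptr);
    if (len < 0 || len >= (int)sizeof bigbuffer)
        return -1;
    if (len >= size) {
        overflow_count++;
        fprintf(stderr, "demo_sprintf: overflow of %i in %i\n", len, size);
    }
    strncpy(dest, bigbuffer, (size_t)size - 1);   /* at most size-1 bytes ... */
    dest[size - 1] = '\0';                         /* ... and a terminator */
    return len;
}

/* Constructed contrast (not copied from any game): identical formatting, but
 * the final copy is a plain strncpy. When the result is size characters or
 * longer, strncpy writes no NUL and dest is left unterminated. */
int demo_sprintf_unterminated(char *dest, int size, const char *fmt, ...)
{
    char bigbuffer[BIGBUFFER_SIZE];
    va_list argptr;
    int len;

    va_start(argptr, fmt);
    len = vsnprintf(bigbuffer, sizeof bigbuffer, fmt, argptr);
    va_end(argptr);
    if (len < 0 || len >= (int)sizeof bigbuffer)
        return -1;
    strncpy(dest, bigbuffer, (size_t)size);
    return len;
}

/* 1 if the first size bytes of buf contain a NUL, else 0. */
int is_terminated(const char *buf, int size)
{
    return memchr(buf, '\0', (size_t)size) != NULL;
}

struct case_result {
    int formatted_len;   /* length of the full formatted path */
    int stored_len;      /* strlen(dest) after the call, or -1 if unterminated */
    int terminated;      /* whether dest holds a NUL within MAX_QPATH bytes */
};

/* Runs one call on the constructed 88-character path:
 * "models/players/" (15) + "sarge@@@...@" (60) + "/default" (8) + ".skin" (5). */
struct case_result run_case(int use_unterminated)
{
    char name[61];
    char old_path[128];
    char dest[MAX_QPATH];
    struct case_result r;

    memset(name, '@', sizeof name - 1);
    memcpy(name, "sarge", 5);
    name[sizeof name - 1] = '\0';
    snprintf(old_path, sizeof old_path, "models/players/%s/default", name);

    memset(dest, 'X', sizeof dest);   /* junk fill so a missing NUL is visible */
    if (use_unterminated)
        r.formatted_len = demo_sprintf_unterminated(dest, MAX_QPATH, "%s%s", old_path, ".skin");
    else
        r.formatted_len = demo_sprintf(dest, MAX_QPATH, "%s%s", old_path, ".skin");
    r.terminated = is_terminated(dest, MAX_QPATH);
    r.stored_len = r.terminated ? (int)strlen(dest) : -1;
    return r;
}

int main(void)
{
    struct case_result safe = run_case(0);
    struct case_result unsafe = run_case(1);
    printf("terminating copy: formatted %d, stored %d, terminated %d, overflows reported %d\n",
           safe.formatted_len, safe.stored_len, safe.terminated, overflow_count);
    printf("plain strncpy:    formatted %d, stored %d, terminated %d\n",
           unsafe.formatted_len, unsafe.stored_len, unsafe.terminated);
    return 0;
}
```

Both variants detect the 88-in-64 condition the same way, since the check is on the length vsnprintf returns, not on the copy. The difference is only in the last two lines: with the terminating copy, the caller gets a 63-character path and any later strlen or printf on it stays inside the buffer; with the plain strncpy, the 64 bytes are all path characters and whatever reads dest next runs off the end into neighbouring memory, which is the crash the advisory describes.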