http://www.pcgamemods.com/11166/)
***************************************************
SECURITY ISSUE for QUAKE3 Engine
UNOFFICIAL PATCH for JEDI ACADEMY Dedicated Raven server 1.01
***************************************************
linuxjampded and jampDed.exe patched by slider using the FIX patch released by Luigi Auriemma
This patch corrects the large UDP server overflow exploit that can crash Jedi Academy servers.
******************
FOR WINDOWS :
******************
jampDed.exe is the FIXED Raven dedicated server for Jedi Academy 1.01
*****************
For LINUX
*****************
linuxjampded is the FIXED Raven dedicated server for Jedi Academy 1.01
**************
INSTALLATION
**************
Just replace linuxjampded or jampDed.exe in your Jedi Academy game with the files provided here.
PS: use at your own risk
Moreover, I was thinking about a patch for the Jedi Academy dedicated server that requires just a recompilation of the sources, which I don't have....
The file to be patched is q_shared.c...
This file is also compiled into Raven's dedicated server...
The patch I made is the following. Raven could probably find a more clever solution, as they have the whole engine source....
It is not worth patching your jampgame DLL with this code change, because this part of the code must be patched in the files used to compile the dedicated server.
Extract from my q_shared.c:
void Info_SetValueForKey( char *s, const char *key, const char *value ) {
	char newi[MAX_INFO_STRING];

	if ( strlen( s ) >= MAX_INFO_STRING ) {
		//MODIFICATION: fixes the large UDP request exploit in the Quake3 engine ===> GRRRRR it is hard-coded in Raven's server.... so I can't fix it in the mod
		// must be fixed by Raven or by a fix made by hacking the server
		// truncate the oversize infostring in place so it fits in MAX_INFO_STRING
		*(s + MAX_INFO_STRING - 1) = 0;
	}
	//not needed but ......
	if ( strlen( s ) >= MAX_INFO_STRING ) {
		Com_Error( ERR_DROP, "Info_SetValueForKey: oversize infostring" );
	}

	if (strchr (key, '\\') || strchr (value, '\\'))
	{
		Com_Printf ("Can't use keys or values with a \\\n");
		return;
	}
	if (strchr (key, ';') || strchr (value, ';'))
	{
		Com_Printf ("Can't use keys or values with a semicolon\n");
		return;
	}
	if (strchr (key, '\"') || strchr (value, '\"'))
	{
		Com_Printf ("Can't use keys or values with a \"\n");
		return;
	}

	Info_RemoveKey (s, key);
	if (!value || !strlen(value))
		return;

	Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value);

	// >= (not >) so the terminating NUL of the combined string still fits in newi
	if (strlen(newi) + strlen(s) >= MAX_INFO_STRING)
	{
		Com_Printf ("Info string length exceeded \n");
		return;
	}

	strcat (newi, s);
	strcpy (s, newi);
}
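
The same length checks as a stand-alone function that compiles without the engine sources. This is an added example, not part of the original patch or of Raven's code. The helper name info_set_bounded and its cap parameter are hypothetical, MAX_INFO_STRING is assumed to be 1024 as in Quake III's q_shared.h, and removal of an existing key is left out.

```c
#include <stdio.h>
#include <string.h>

#define MAX_INFO_STRING 1024  /* assumed value, as in Quake III's q_shared.h */

/* Hypothetical stand-alone helper (not engine code): prepend \key\value to the
 * infostring in s, whose buffer holds cap bytes. Returns 0 on success and
 * -1 if the pair is rejected. Never writes past s[cap - 1]. */
int info_set_bounded(char *s, size_t cap, const char *key, const char *value)
{
    char newi[MAX_INFO_STRING];
    size_t slen, nlen;
    int n;

    if (!s || !key || !value || cap == 0 || cap > MAX_INFO_STRING)
        return -1;

    /* Clamp an unterminated input to the buffer, like the truncation above. */
    if (memchr(s, '\0', cap) == NULL)
        s[cap - 1] = '\0';
    slen = strlen(s);

    /* Reject empty fields and characters the infostring format cannot carry. */
    if (strpbrk(key, "\\;\"") || strpbrk(value, "\\;\"") || !*key || !*value)
        return -1;

    n = snprintf(newi, sizeof newi, "\\%s\\%s", key, value);
    if (n < 0 || (size_t)n >= sizeof newi)
        return -1;                     /* the pair alone does not fit */
    nlen = (size_t)n;

    /* >= leaves room for the terminating NUL; > would overflow by one byte. */
    if (nlen + slen >= cap)
        return -1;

    memcpy(newi + nlen, s, slen + 1);  /* fits: nlen + slen + 1 <= cap */
    memcpy(s, newi, nlen + slen + 1);
    return 0;
}

int main(void)
{
    char info[MAX_INFO_STRING] = "\\sv_hostname\\test";  /* constructed sample */
    int rc = info_set_bounded(info, sizeof info, "mapname", "ffa1");
    printf("%d %s\n", rc, info);
    return 0;
}
```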