
Posted: Mon May 14, 2007 12:12 pm
by Luk4ward
Hi

I got this combinedfixes.lua, and today on the server there was some guy who was asking players to lag the server?! After some rude response the server crashed, kicked players and a new campaign was executed. I'm an admin from a 2.60b server; info from logs:

Code:

map: Adlernest final
blabla...

voice: ^7'^0Gr^723^0chu^7' Negative ^0N^73^0gativ^73
********************
ERROR: G_Scripting: alertentity cannot find targetname "sidewall"

********************
----- Server Shutdown -----
Sending heartbeat to etmaster.idsoftware.com
Sending heartbeat to master.gamespy.com:27900
Sending heartbeat to master0.gamespy.com
==== ShutdownGame ====
ShutdownGame:
------------------------------------------------------------
etpro: Lua module [announcekillershealth.lua] [4D533E6C362EA88AEE893EA27CA7480120CD9035] unloaded.
---------------------------
^3PunkBuster Server: Lost Connection (slot #4) 80.54.134.1:27960 8d4b14edfcaf33e92c1f2a8c32abf5ee(?) ^7V^dn^7D^d' ( <- this guy)

WARNING: watchdog will trigger in 4 seconds
Idle Server with no map - triggering watchdog
------ Server Initialization ------
Server: oasis

etc....
Wtf did he manage to do? I mean how... Thought I'm running a server with the latest patches/fixes. Pls help,

thx in advance

Posted: Mon May 14, 2007 1:34 pm
by ReyalP
ERROR: G_Scripting: alertentity cannot find targetname "sidewall"
This is a map script error. It is possible that some action in the map can trigger it, but the fault still lies with the map. I have a vague memory of a script fix for this map, but I'm not certain.

Posted: Mon May 14, 2007 1:47 pm
by jump3r
ReyalP wrote:
ERROR: G_Scripting: alertentity cannot find targetname "sidewall"
This is a map script error. It is possible that some action in the map can trigger it, but the fault still lies with the map. I have a vague memory of a script fix for this map, but I'm not certain.
do you mean this one?
http://bani.anime.net/banimod/forums/vi ... 4926#64926

Posted: Mon May 14, 2007 2:48 pm
by Luk4ward
Thanks for the explanation and fast response :), I thought so but wasn't sure how it is possible,

hope the script will fix this, thanks again for help :)

Posted: Wed May 16, 2007 5:12 am
by -neX-
much appreciated ReyalP!

Posted: Thu May 17, 2007 11:40 pm
by Dersaidin
Yeah, that script error was my mistake. :<

The wall which the tank blows at the start of the map (my pro cinematic intro) was able to be destroyed if allied players were fast enough to shoot a panza or some explosives at it before the tank. Then when the tank tries to shoot it, the entity has already gone, and it can't find anything :/


There's a link to the fix (which gives the wall enough health to hold out until the tank shoots it) on the thread jump3r linked.

Posted: Sun Mar 02, 2008 9:07 pm
by ReyalP
I've corrected a couple of bugs in userinfocheck.lua (and the corresponding part of combinedfixes.lua).

Updated files at the original URLs.

Thanks to DoGoD and benny for bringing to my attention that the wrong var was used in the RunFrame userinfo check.

I also found and fixed a bug where the wrong client number was printed in the log messages for the clientconnect check.

Finally, I've added a check for newlines in userinfo. This has the potential to do very bad things to log parsers such as etadmin_mod (thanks benny for pointing this out.)

I would strongly suggest not using any log parser. If you must use a log parser, make sure that it safely handles any possible newlines malicious clients could inject into your log.

The check added to userinfocheck.lua does NOT make this safe, it merely kicks people for certain attempts to do bad things. This may not happen soon enough to protect your log parser, since the game and engine print various things themselves.
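A sketch of the kind of userinfo check described in the post above, as an added example that is not ReyalP's userinfocheck.lua. The function name `check_userinfo`, the leading-backslash and duplicate-key rules, and the sample strings are assumptions made for illustration; the control-character test generalizes the newline check the post mentions.

```lua
-- Added example, not ReyalP's userinfocheck.lua. Uses string.find only, so it
-- runs on the Lua 5.0 embedded in etpro (no string.match) and on later Lua.
local gfind = string.gfind or string.gmatch   -- gfind was renamed in Lua 5.1

-- Returns nil if the info string looks sane, otherwise a short reason that a
-- module could log before kicking the client.
local function check_userinfo(userinfo)
    -- %c matches control characters, which includes \n and \r. A newline in
    -- a name or any other value starts a fresh line in whatever the server
    -- prints, and that is the part a log parser may mistake for a real event.
    if string.find(userinfo, "%c") then
        return "control character in userinfo"
    end
    -- Assumption: an info string is a run of \key\value pairs.
    if string.sub(userinfo, 1, 1) ~= "\\" then
        return "missing leading backslash"
    end
    -- Assumption: a repeated key is rejected, because different readers may
    -- pick different copies (first versus last) of the same key.
    local seen = {}
    for key in gfind(userinfo, "\\([^\\]*)\\[^\\]*") do
        local k = string.lower(key)
        if seen[k] then return "duplicate key: " .. k end
        seen[k] = true
    end
    return nil
end

-- Constructed sample info strings (not taken from any server log).
local samples = {
    "\\name\\player\\ip\\192.0.2.10:27960",
    "\\name\\play\ner\\ip\\192.0.2.10:27960",
    "\\name\\player\\ip\\192.0.2.10:27960\\name\\other",
}
for i = 1, 3 do
    print(i, check_userinfo(samples[i]) or "ok")
end
```

As the post says, a check like this only reacts to the client; the engine may already have printed the offending value, so a log parser still has to cope with injected lines on its own.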

Posted: Sun Mar 23, 2008 7:24 pm
by ReyalP
Another exploit, another bump. See first post.

Posted: Sun Mar 23, 2008 9:55 pm
by Luk4ward
Thanks for more fixes and nice support. Btw can u explain maybe by example what those exploits with log parsers are all about?

It's smth like this:

1) mod is looking for 'shutdown' line
2) a player is connecting with the nick 'shutdown'
3) mod thinks it's the end of the map

or maybe it's smth worse? I'm asking about this to know how to defend or maybe help; as for priv abuse I'm using a modified chat system from kmod

@ Nick abusing

Nicks with extra "^" like:

Code:

et^^7player
can be kicked (or whatever) only by punkbuster. The game is going crazy, so every such player has to be filtered out by cleaning the name or kicking maybe, I'm using the code from Hadro (I just modified the rename function):

Code:

-- Rename a client. newname may be a literal name, or one of the keywords
-- "clean" (strip colour codes) and "cutnick" (shorten an over-long nick).
function RenameUser(clientNum, newname)
    local userinfo = et.trap_GetUserinfo(clientNum)
    local bname = unfoVal(userinfo, "name")
    local info

    if (newname == "clean") then
        newname = uncol(bname)
        info = "Your nick has been cleaned ! ^1Use standard keys !"
        local msg = string.format("cpm \"" .. info .. "\n")
        et.trap_SendServerCommand(clientNum, msg)
    elseif (newname == "cutnick") then
        newname = cut_nick(bname) -- cut_nick is not shown in this post
        info = "Your nick has been cut ! ^1Use nick with normal length !"
        local msg = string.format("cpm \"" .. info .. "\n")
        et.trap_SendServerCommand(clientNum, msg)
    end

    -- write the new name back and let the game pick up the change
    userinfo = et.Info_SetValueForKey(userinfo, "name", newname)
    et.trap_SetUserinfo(clientNum, userinfo)
    et.ClientUserinfoChanged(clientNum)
end

function uncol(arg) -- this one leaves weird ascii, unlike et.Q_CleanStr
    -- outer parentheses drop gsub's second return value (the match count)
    return (string.gsub(string.gsub(arg, "%^[^%^]", ""), "%^", ""))
end

function unfoVal(unfo, key) -- more secure version gets value from the end of the info-string, thanks ReyalP
    local index = 0
    local oldcap = ""
    local d, cap
    while 1 do
        -- keep searching forward; the last match found is the one returned
        index, d, cap = string.find(unfo, "\\"..key.."\\([^\\]+)", index+1)
        if not index then return oldcap end
        oldcap = cap
    end
    return ""
end

Posted: Sun Mar 23, 2008 10:57 pm
by ReyalP
Luk4ward wrote:Thanks for more fixes and nice support. Btw can u explain maybe by example what those exploits with log parsers are all about?

It's smth like this:

1) mod is looking for 'shutdown' line
2) a player is connecting with the nick 'shutdown'
3) mod thinks it's the end of the map
Exactly. Think about what happens if a log parser looks for !kick in chat (in lua, you can intercept the command instead of reading the prints, which is much safer.)

The basic problem is that if I do

Code:

/say blah
in the client console, what shows up in the server console is:

Code:

say: [NW]reyalP: blah
[NW]reyalP: blah
If your log parser is looking for the "say" line (for example), someone named "say" can do something on behalf of any other player.

Note that the second line goes to the console and console log (and goes through et_Print), but not the game log.

In the case of guidcheck, it was looking for message starting with etpro IAC and some other stuff that could be put in a name.

If you are using lua, I'd suggest avoiding using et_Print callbacks if at all possible. If you must use them, think very carefully about how players could manipulate it with creative naming.

I'm not sure about the ^^7 names, I thought all those issues were already dealt with, but I guess I'll have to look at that.
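The approach recommended in the post above, intercepting the command instead of reading what the server prints, as an added example that is not code from this thread. It relies on the etpro Lua callback `et_ClientCommand` and the `et.ConcatArgs`, `et.gentity_get`, `et.trap_DropClient` and `et.trap_SendServerCommand` functions; the `!kick <slot>` syntax, the referee-only policy and the offline stub are assumptions made for illustration.

```lua
-- Added example, not code from the thread. Inside etpro the engine provides
-- `et`; the constructed stub below only exists so the file runs offline.
et = et or {
    args = {}, referee = { [3] = 1 }, dropped = {},
    ConcatArgs = function(i) return table.concat(et.args, " ", i + 1) end,
    gentity_get = function(slot, field) return et.referee[slot] or 0 end,
    trap_DropClient = function(slot, reason) et.dropped[slot] = reason end,
    trap_SendServerCommand = function(slot, cmd) end,
}

-- Called by etpro for every client command. clientNum is the slot the
-- command arrived from, assigned by the engine, so the player's name plays
-- no part in deciding who issued it.
function et_ClientCommand(clientNum, command)
    if string.lower(command) ~= "say" then return 0 end
    local _, _, target = string.find(et.ConcatArgs(1), "^!kick%s+(%d+)%s*$")
    if not target then return 0 end             -- ordinary chat: pass through
    if et.gentity_get(clientNum, "sess.referee") == 0 then
        et.trap_SendServerCommand(clientNum, "cpm \"^1!kick is referee-only\n\"")
        return 1
    end
    et.trap_DropClient(tonumber(target), "kicked by referee")
    return 1                                     -- handled here, not passed on
end

-- Constructed offline run (skipped on a real server, where et.args is nil).
-- Slot 5 is not a referee whatever its name is; slot 3 is a referee.
if et.args then
    et.args = { "say", "!kick", "7" }
    et_ClientCommand(5, "say")
    assert(et.dropped[7] == nil)                 -- request from slot 5 ignored
    et_ClientCommand(3, "say")
    assert(et.dropped[7] == "kicked by referee")
    print("ok")
end
```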

Posted: Mon Mar 24, 2008 2:18 am
by jump3r
keep up the good work. :thumbs:

btw, does that "player's name log exploit" affect the game log in any way? I ask because I made my own server stats parser...

Posted: Mon Mar 24, 2008 2:51 am
by ReyalP
jump3r wrote:keep up the good work. :thumbs:

btw, does that "player's name log exploit" affect the game log in any way? I ask because I made my own server stats parser...
No, all it does is kick users who attempt to use names that could trigger the exploit. This is NOT a general fix, it just prevents guidcheck from being exploited in that way.

Posted: Tue Apr 01, 2008 3:39 pm
by ReyalP
Another day, another bump.

Posted: Fri Apr 04, 2008 4:49 am
by crazyfrag

Code:

etpro: et_RunFrame error running lua script: [string "combinedfixes.lua"]:127: attempt to call field `match' (a nil value)

Posted: Fri Apr 04, 2008 2:20 pm
by Luk4ward
heh, while I was posting about the code for catching IP you have already updated the code, many thanks ! :D

edit:

one more code should be changed imo:

Code:

if not string.match(ip,"^%d+%.%d+%.%d+%.%d+:%d+$") then
		return "malformed ip"
	end
to smth like this

Code:

if (string.find(ip,"^%d+%.%d+%.%d+%.%d+:%d+$") == nil) then
		return "malformed ip"
	end
regards