Complete.Org: Mailing Lists: Archives: freeciv-dev: July 2002:
[Freeciv-Dev] Re: Server security bugs (PR#1848)

[Freeciv-Dev] Re: Server security bugs (PR#1848)

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

To:	freeciv-dev@xxxxxxxxxxx
Cc:	bugs@xxxxxxxxxxxxxxxxxxx
Subject:	[Freeciv-Dev] Re: Server security bugs (PR#1848)
From:	Raimar Falke <rf13@xxxxxxxxxxxxxxxxx>
Date:	Mon, 29 Jul 2002 03:52:14 -0700 (PDT)

On Sun, Jul 28, 2002 at 11:52:40AM +0200, Mateusz Stefek wrote:
> I've found several bugs by sending random data to the server.
> The server doesn't check:
>  - packet_nation_used length
>  - PACKET_PLAYER_REMOVE_VISION->value (players id)
>  - packet_player_request->government
>  - PACKET_PLAYER_CANCEL_PACT->value (players id)
>  - packet_alloc_nation->nation_no
>  - packet_unit_request->unit_id (The bug is in
> handle_unit_change_homecity())
> Patch is attached.
> I still don't know what to do when _server_ receives invalid 
> PACKET_ATTRIBUTE_CHUNK

I clean the patch and bit up. The policy in packets.c is to expect the
cap the count at the array size.

        Raimar

-- 
 email: rf13@xxxxxxxxxxxxxxxxx
 "It is not yet possible to change operating system by writing
  to /proc/sys/kernel/ostype."              sysctl(2) man page

security2.diff
Description: Text document

[Prev in Thread]

Current Thread

[Next in Thread]

[Freeciv-Dev] Re: Server security bugs (PR#1848), Raimar Falke <=

Prev by Date: [Freeciv-Dev] Re: help-button (PR#1847)
Next by Date: [Freeciv-Dev] maintenance cost in city screen (PR#1813)
Previous by thread: [Freeciv-Dev] Re: help-button (PR#1847)
Next by thread: [Freeciv-Dev] maintenance cost in city screen (PR#1813)
Index(es):
- Date
- Thread