BaseJKA Security Fix

Miscellaneous programs and scripts, opensource or not, and sometimes, random mathematical stuff.
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

cybermaniac wrote:might be useful for monitoring reasons (eg, xx connections per month? )
buffering or not does not change anything over a month. I only changes things over short (ie. 4 or 5 connections) periods of time.

I have a feeling I'm not following your train of though here :foufou What exactly was your question when you asked "how would i set the server to write to "ga_ConnectLog.txt"?"

-> Were you surprised that no file appeared on your test server ?
-> Were you looking for a cvar to alter the logs ? (filename, contents...)
-> Did you want to know how to alter the source code to add something in the logs ?
-> ...

I answered the first question, but I am not sure it was what you were asking... :quoi
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
User avatar
cybermaniac
Posts: 30
Joined: Tue Apr 10, 2007 12:05 am

Re: BaseJKA Security Fix

Post by cybermaniac »

you already answered my question for now thx :D

im just used to instant writing on logs :P

thx :D
Admin and Owner of Baskerville Server
87.117.202.147:29070
62.4.74.231:30400
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

I have been informed by evan1715 of another vulnerability [server crash], affecting both base JK2 and JKA, now confirmed by my tests.

I'll make a fix when I get some free time.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

To answer questions asked by MP (which should not have been asked by MP :D) and before someone else jumps on the band-wagon...

-> There is no use asking about the vulnerability unless you are a mod developer and intend to work on an open-source fix before I do. I'll describe the bug in detail when I release the fix.

-> I won't release the fix a part of BaseJKA Security Fix directly, but as a generalist source workaround for JK2 and JKA, which modders can use to patch their own mods without wasting their time. Some mods already have this patched, or so it seems, but they are not open source and do not document the bug, so they are utterly useless for new modders.

I will probably release patched BaseJKA Security Fix binaries in the process, as proof that the fix actually works, but won't do anything else. I have many other projects (some concerning JKA, btw) and not a tenth of the time I would need for them, so something has to go... which is why I released the source code. [Third time I repeat this...]
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
User avatar
evan1715
Posts: 95
Joined: Fri Nov 09, 2007 11:51 pm
Location: Florida
Contact:

Re: BaseJKA Security Fix

Post by evan1715 »

lol people are asking about the crash? lol i'll answer that

If you did receive the crash, you probably could not use it on any JKA 1.01 or JK2 1.04 servers because they all have mods, patched mods to be be specific. JA+ Mod has a fix for it for sure.

:hiroshima
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

(splitted preceding discussion to a private part of the forum, since it advertised the crash a bit too much ;) )

Following said discussion, workaround in progress :)
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

Okay....

I have written a satisfying fix for JKA & JK2. I'll document and release it in a few days at most, along with patched binaries for BaseJKA Security Fix. :)

Thanks to evan1715 for informing me of this bug. (though he makes my nerves itch :D )

edit : test server at 213.251.186.99:29070 (Dragon's Lair Base linux, running BJSF 1.1a)

edit: I figured why my windows test server didn't crash: mods built in debug mode don't crash with that bug :lol

edit: fix online : -> viewtopic.php?f=3&t=356
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
User avatar
evan1715
Posts: 95
Joined: Fri Nov 09, 2007 11:51 pm
Location: Florida
Contact:

Re: BaseJKA Security Fix

Post by evan1715 »

Gamall wrote:Thanks to evan1715 for informing me of this bug. (though he makes my nerves itch :D )
oh i know you love me lol
Gamall wrote:edit : test server at 213.251.186.99:29070 (Dragon's Lair Base linux, running BJSF 1.1a)
ok what the fizzle happend here bub?
I dont know if you own that server, if you do check ur logs i was there under the name JediDog.
I was testing your mod and it appears you disabled your clever fake detection, but kept hard code on and i appear to be auto banned when i was testing ur mod ^_^. Can you unban me ? lol its the ip that is 65.32 which u can see the full one if u need it, u own this forum. :P Could you turn off autoban for now? :S But your forcecrash patch works pretty good in my opinion.

Why did u turn off clever? OOH IS IT DOING THAT BUG I TOLD U ABOUT IN THE PRIVATE MESSAGE BEFORE U BANNED ME? (lol)
evan1715 wrote:anyway about ur mod, the q3fill stuff... so i now have 4 monitors when u connect to a server, the illegal character, and 3 anti q3fill things: model, cl_guid and i added cl_punkbuster because model kept messing up and rejecting clients (i think)since it detects for model and model is in jk2... it works fine when it is only model and cl_guid but since i have to use illegal char, i made a new one cl_punkbuster and just leave clever off
Don't forget to unban. :)
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

You're unbanned on the server. Autoban is still on :P

PS And yes I own the server. I host several JKA servers on that linux box, and this one is my testing ground.
evan1715 wrote:Why did u turn off clever? OOH IS IT DOING THAT BUG I TOLD U ABOUT IN THE PRIVATE MESSAGE BEFORE U BANNED ME? (lol)
I think it's high time I explained (one of the reasons) why I banned you :soupir Now that my exams are behind me, I have a tad more patience...

I banned you because this
evan1715 wrote:also, i found a weird thing in ur code

Code: Select all

	if( strcmp(gaCleverFakeDetection, "none") != 0 && strcmp(gaCleverFakeDetection, "") != 0)
	{
		if (strcmp(Info_ValueForKey(userinfo, gaCleverFakeDetection), "") == 0)
thats the beginning of ur clever
this is the beginning of hard:

Code: Select all

	if( strcmp(gaHardFakeDetection, "none") != 0 && strcmp(gaHardFakeDetection, "") != 0)
	{
		if (strcmp(Info_ValueForKey (userinfo, gaHardFakeDetection),"") != 0)
notice on the second line on the first one at the end of it u have ==0 and on the second line of hard code u have !=0, why the difference?
... shows that you haven't even tried to do your homework :gamall Especially since I already answered this question TWICE in the old topic. (at least)

I temp-banned you so that, instead of coming here posting the same questions over and over again without realizing it, you would have time to sit your arse down, think, reread the readme of my mod (yes, the answer is there), teach yourself some C, read q3fill's code, and actually learn something in the process. And spare my poor nerves.
:RTFM
Sooo, if I was really hypocritical, I might say that I banned you for your own good, if that's what it takes to help you help yourself. :archange
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
User avatar
evan1715
Posts: 95
Joined: Fri Nov 09, 2007 11:51 pm
Location: Florida
Contact:

Re: BaseJKA Security Fix

Post by evan1715 »

umm ok, u still haven't said why you turned clever off :S, i'm a curious person o_o

and u didn't explain the difference between != and == in the other topic because i remember u replying just like u did this 1 and saying to go read a book :P

but fine next time i ask a question simple like "!=" & "==" i'll google instead of asking something smarter than a search engine. but still google has failed...

p.s. thanks for the unban :)
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

Okaaaay...

1° I did not turn "Clever" off. Auriemma has just updated q3fill to bypass the default setting of the "Clever" detection for this mod. (ie. added "model" by default to the userinfo string)

2° == means "is equal to" and != means "is different from".

As for strcmp -> http://www.cppreference.com/stdstring/strcmp.html (I gave you the link already).

Soo the clever block means "if the info [model by default] does not appear in userinfo (is "") then it's a fake because something is missing". It's called "Clever" because it worked much better than letting the bots in and kicking them when there are too many.

And the hard one means "if that info [cl_guid by default] appears in userinfo (is not "") then it's a fake because there is something which should not be there". It's called hardcoded detection because, at the time I wrote this, cl_guid was hardcoded into q3fill. Now it is on by default but can be disabled.

[Note before some harcode C geek barges in: Yes, I do know there are simpler ways to do this... I just did not when I wrote that stuff :haha ]

And to truly understand why is works (or used to by default), you need to take a peek at q3fill's code, or at the userinfos it produces.
evan1715 wrote: i remember u replying just like u did this 1 and saying to go read a book :P
If you just buy (er... and read... and work with ;)) a good C book, it will answer most of your questions, and the ones left will be truly interesting questions.

Or buy a good novel, it's fine too :huhu
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
User avatar
evan1715
Posts: 95
Joined: Fri Nov 09, 2007 11:51 pm
Location: Florida
Contact:

Re: BaseJKA Security Fix

Post by evan1715 »

OOOH, ok thanks xD

You thing Luigi set it to bypass? Eh, not when I did it on my mod. When my clever was working (before I added illegal char and cl_punkbuster) I used the current version he has out right now and it still blocked it. So uh I don't really know :P but for a new "hard-coded" you can add the cl_punkbuster. Yeah I tested -g on your server first 'cause it still let them in so I assumed you had clever off, then when I took off -g it banned me lol... for your "clever" thing again you can change it to color1\0 for saber colors o_O I didn't see that in there
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

Auriemma is constantly updating his prog... the last version is less than a week old ;)
evan1715 wrote:ut for a new "hard-coded" you can add the cl_punkbuster.
evan1715 wrote: for your "clever" thing again you can change it to color1\0 for saber colors
Yes, but the point is to let the admin choose.

If I change the default settings of my mod, it will just encourage Luigi to adapt q3fill. And at this game, he couldn't loose, since there is ultimately no way to tell a real request from a fake one, if the fake one is carefully made. So I leave the default settings in my mod, even though they are not current anymore, and each admin can then use their own settings. And they will work.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
User avatar
evan1715
Posts: 95
Joined: Fri Nov 09, 2007 11:51 pm
Location: Florida
Contact:

Re: BaseJKA Security Fix

Post by evan1715 »

oh true, but u can still add options :)

and by the way, he changes it this week because i asked for a couple of options on his forum xD (yes i seem to annoy him too but hes more tolerant lol)
Luigi forum post
User avatar
evan1715
Posts: 95
Joined: Fri Nov 09, 2007 11:51 pm
Location: Florida
Contact:

Re: BaseJKA Security Fix

Post by evan1715 »

Hey, Gamall would you be willing to create a "BaseJK2 Security Fix?" I could inform you of all the JK2 bugs.
Post Reply

Who is online

Users browsing this forum: Google Adsense [Bot] and 86 guests