*********************************** 
Jedi Knight: Jedi Academy 
*********************************** 
TITLE: No "ingame crash" patch
AUTHOR: Gamall
E-MAIL: gamall.ida@gmail.com
WEBSITE: http://gamall-ida.com

FILENAME Windows : nocrash_Win.pk3
FILENAME Linux   : jampgamei386.so
FILESIZE: < 2 Mo
DATE RELEASED: 18 March 2007

CREDITS: 

Kudos to Trimbo for his linux-ready version of the vanilla SDK.

INSTALLATION INSTRUCTIONS: 

Just put it in your server's base folder.

DESCRIPTION: 

-> Removes the vulnerability to the say/tell "aaaaaaaaaaaaaaaaaaaaaaaaa..." attack, also known as the ingame buffer overflow attack, in unmodified baseJKA, by truncating over-long say entries and blocking over-long server commands.

Just remember to use a patched (linux)jampded[.exe] as well, and your server shall be impervious to malicious crashes.

-> Logs say/tell/server overflows into the server logs, with name and id of offending client.

-> Does not alter ANY aspect of basejka past that.

-> Damages MAY be slightly altered for Linux servers. This is a consequence of the fact that I compiled with GCC instead of ICC. Most people won't notice it though. I sure wouldn't :P


COMMENTS: This is not very original, and has probably been done to death already, but I couldn't find a fix that works on Linux on the net when someone asked me about it... so here it is.

If someone has ICC and is willing to compile a .so with it, please contact me :)

///////////////////////////////////////////////////////////////

MODIFIED CODE : (from jka-universalSource, linux-ready SDK.)

void trap_SendServerCommand( int clientNum, const char *text ) {
	/* Gamall : This bit should protect the clients... */
	if(strlen(text) > 1022)
	{
		/* clientNum is an int, so it is logged with %d; strlen returns size_t, so it is cast for %d */
		G_LogPrintf( "Gamall : Client %d sent too long a command...\n", clientNum );
		G_LogPrintf( "Sent command : [%s]\n", text );
		G_LogPrintf( "Total length : %d \n", (int)strlen(text) );
		return;
	}
	/* Gamall : END OF FIX */
	syscall( G_SEND_SERVER_COMMAND, clientNum, text );
}


/*
==================
Cmd_Say_f
==================
*/
static void Cmd_Say_f( gentity_t *ent, int mode, qboolean arg0 ) {
	char		*p;

	if ( trap_Argc () < 2 && !arg0 ) {
		return;
	}

	if (arg0)
	{
		p = ConcatArgs( 0 );
	}
	else
	{
		p = ConcatArgs( 1 );
	}

	/* FIX Gamall : This bit should prevent crashes... */
	if ( strlen(p) > 150 )
	{
		p[149] = 0 ;
		G_LogPrintf("ANTI CRASH : Cmd_Say_f entry from client %s (%d) has been truncated\n", ent->client->pers.netname, ent->s.number);
	}
	/* END OF FIX */

	G_Say( ent, NULL, mode, p );
}

/*
==================
Cmd_Tell_f
==================
*/
static void Cmd_Tell_f( gentity_t *ent ) {
	int			targetNum;
	gentity_t	*target;
	char		*p;
	char		arg[MAX_TOKEN_CHARS];

	if ( trap_Argc () < 2 ) {
		return;
	}

	trap_Argv( 1, arg, sizeof( arg ) );
	targetNum = atoi( arg );
	if ( targetNum < 0 || targetNum >= level.maxclients ) {
		return;
	}

	target = &g_entities[targetNum];
	if ( !target || !target->inuse || !target->client ) {
		return;
	}

	p = ConcatArgs( 2 );

	/* FIX Gamall : This bit should prevent crashes... */
	if ( strlen(p) > 150 )
	{
		p[149] = 0 ;
		G_LogPrintf("ANTI CRASH : Cmd_Tell_f entry from client %s (%d) has been truncated\n", ent->client->pers.netname, ent->s.number);
	}
	/* END OF FIX */

	G_LogPrintf( "tell: %s to %s: %s\n", ent->client->pers.netname, target->client->pers.netname, p );

	G_Say( ent, target, SAY_TELL, p );
	// don't tell to the player self if it was already directed to this player
	// also don't send the chat back to a bot
	if ( ent != target && !(ent->r.svFlags & SVF_BOT)) {
		G_Say( ent, ent, SAY_TELL, p );
	}
}
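The same two guards restated as stand-alone functions, as an added example that is not the patch's code and not part of the SDK. It keeps the patch's thresholds (1022 for server commands, 150 for say/tell entries) but replaces G_LogPrintf with a stand-in logger whose format specifiers match their argument types, and models a downstream fixed-size chat buffer filled with snprintf so the copy cannot overflow regardless of input. The function names, the 256-byte buffer, the client name and number, and the 300-character input are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not part of the patch: the two length guards as
 * stand-alone functions so the limits can be exercised outside the
 * game module. The thresholds are the ones the patch uses; the buffer
 * sizes inside the engine are not reproduced here. */

#define MAX_SERVER_COMMAND_LEN 1022  /* guard in trap_SendServerCommand */
#define MAX_SAY_LEN            150   /* guard in Cmd_Say_f / Cmd_Tell_f */

/* Stand-in for G_LogPrintf. The client number is an int (%d) and the
 * length is a size_t cast to unsigned long (%lu), so every specifier
 * matches its argument. */
static void log_overflow(const char *where, const char *name,
                         int client_num, size_t len)
{
    fprintf(stderr, "ANTI CRASH : %s entry from client %s (%d) "
                    "has length %lu\n",
            where, name, client_num, (unsigned long)len);
}

/* Returns 1 if the command is short enough to be forwarded, 0 if it
 * must be dropped, mirroring the early return in the patch. */
int server_command_allowed(const char *text, int client_num)
{
    size_t len = strlen(text);
    if (len > MAX_SERVER_COMMAND_LEN) {
        log_overflow("server command", "server", client_num, len);
        return 0;
    }
    return 1;
}

/* Truncates a say/tell entry in place the way the patch does: anything
 * longer than MAX_SAY_LEN characters is cut to MAX_SAY_LEN - 1
 * characters (index 149 becomes the terminator). Returns 1 if the
 * entry was truncated, 0 if it was left alone. */
int truncate_say_entry(char *p, const char *name, int client_num)
{
    size_t len = strlen(p);
    if (len > MAX_SAY_LEN) {
        p[MAX_SAY_LEN - 1] = '\0';
        log_overflow("say", name, client_num, len);
        return 1;
    }
    return 0;
}

/* Models a downstream fixed-size chat buffer (the size is constructed
 * for the example, not the engine's value). snprintf never writes past
 * dstsize, and the return value says whether the whole line fit. */
int format_chat_line(char *dst, size_t dstsize, const char *name,
                     const char *msg)
{
    int n = snprintf(dst, dstsize, "%s: %s", name, msg);
    return n >= 0 && (size_t)n < dstsize;
}

int main(void)
{
    /* Constructed input: a 300-character "aaaa..." say line, the shape
     * of the attack the readme describes. */
    char say[301];
    char line[256];
    memset(say, 'a', 300);
    say[300] = '\0';

    if (truncate_say_entry(say, "Padawan", 3))
        printf("truncated to %lu chars\n", (unsigned long)strlen(say));
    if (format_chat_line(line, sizeof line, "Padawan", say))
        printf("%s\n", line);
    return 0;
}
```

Because the patch tests `> 150` but terminates at index 149, a 150-character entry passes untouched while a 151-character entry is cut to 149; the functions above reproduce that so the behaviour can be checked directly.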

I also removed the improbable powf function, which, apart from yielding a result different from what its name implies, prevents compilation under VC++ 8, for reasons that are quite beyond me since it's syntactically correct... It's not used anywhere in the code anyway... I'm quite puzzled by this thing... Bha...

/* 
Gamall : Removed this so as to 
allow compilation with VC++ 8. 
*/

//float powf ( float x, int y )
//{
//	float r = x;
//	for ( y--; y>0; y-- )
//		r = r * r;
//	return r;
//}

THIS MODIFICATION IS NOT MADE, DISTRIBUTED, OR SUPPORTED BY ACTIVISION, RAVEN, OR 
LUCASARTS ENTERTAINMENT COMPANY LLC. ELEMENTS TM &  LUCASARTS 
ENTERTAINMENT COMPANY LLC AND/OR ITS LICENSORS.

