View Single Post
  #1  
Unread 19th July, 2010, 03:16 AM
AnthraX's Avatar
AnthraX AnthraX is offline
Administrator
 
Join Date: Jun 2004
Location: Ghent (Belgium)
Posts: 1,378
Default [Release] unreliable-adv security patch

This is a security patch for UT v451 servers. The vulnerability is described here: http://aluigi.altervista.org/adv/unreliable-adv.txt

The UT v440/451 windows and linux servers are affected by this vulnerability. UT v436 is immune. This patch only works on v451 servers. Do NOT install it on v440/436 servers. Due to the nature of the function that contains the vulnerability, I cannot fix this externally in ServerCrashFix. The only way to fix this properly is to edit the source code (but it doesn't look like that's going to happen). This patch doesn't fix the vulnerability, it simply prevents the server from crashing.

Installation:

* Shut down the server.
* If you run linux, replace Engine.so with the file attached to this post. If you run windows, replace Engine.dll.
* Restart the server.

For Unreal Engine licensees:

In UnChan.cpp, UChannel::ReceivedRawBunch:

Replace:

checkSlow(NumInRec<=RELIABLE_BUFFER);

With:

if (NumInRec>=RELIABLE_BUFFER-1)
{
Connection->State = USOCK_Closed;
}
Attached Files
File Type: zip unreliable-adv-patch.zip (1.25 MB, 243 views)

Last edited by AnthraX : 19th July, 2010 at 03:22 AM.
Reply With Quote