Small Exploit Fix.

voogru · December 2002

<div class="IPBDescription">For the "aliens becoming marines" thing</div> I knew about this bug for a while, it was just a matter of time before some moron figured it out.

I have had it fixed on my server ever since i found it and i emailed flayra quietly about the bug and i told him about it and how it was done.

for the server admins who want to fix this (who wouldnt want to fix it?) i released a small metamod plugin that prevents them from running the command if they are not a commander.

The full source and DLL are here: <a href='http://www.voogru.net/www/bugfix.zip' target='_blank'>http://www.voogru.net/www/bugfix.zip</a>

I dont have linux so i cant compile it on linux, however thats why the source is there so you can compile it on linux <img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' valign='absmiddle' alt='smile.gif'>

Post if you have any problems with it.

This is in reply to:
<a href='http://www.unknownworlds.com/forums/index.php?act=ST&f=8&t=16580' target='_blank'>http://www.unknownworlds.com/forums/in...=ST&f=8&t=16580</a>
<a href='http://www.unknownworlds.com/forums/index.php?act=ST&f=1&t=16593' target='_blank'>http://www.unknownworlds.com/forums/in...=ST&f=1&t=16593</a>
<a href='http://www.unknownworlds.com/forums/index.php?act=ST&f=26&t=16573&' target='_blank'>http://www.unknownworlds.com/forums/in...T&f=26&t=16573&</a>

I included the needed metamod files, so for windows it should compile right out of the box.

Edit: It also now includes a linux compile.

cracker_jackmac · December 2002

you forgot a directory.....or mailing the file that includes main(). because all thats in the zip file are Header files.

voogru · December 2002

No, Look in the dllapi.cpp

That contains the fix, which is 9 lines of code.

</span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'>void ClientCommand(edict_t *pEntity)
{
if(FStrEq(Cmd_Argv(0), "stopcommandermode") && strcmp(g_engfuncs.pfnInfoKeyValue(g_engfuncs.pfnGetInfoKeyBuffer(pEntity), "model" ), "commander"))
{
RETURN_META(MRES_SUPERCEDE);
}
RETURN_META(MRES_HANDLED);

}</td></tr></table><span class='postcolor'>

Also, you will need the metamod source to compile it. I took out the metamod source since i am running out of space on my website.

[WHO]Them · December 2002

just gotta say, that's a whole crapload more files than you need for a client command hook....

voogru · December 2002

True, But i stripped that of all the NS Admin stuff. So it probally has files left over from it.

cindows_xp · December 2002

Good Job <img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' valign='absmiddle' alt='smile.gif'>

cindows_xp · December 2002

Ok... tested it... can't find a way around it... Good job...

[WHO]Them · December 2002

I figure that linux admins need this fix as much as windows guys now that it's out in the open.

But instead of mucking around with voogru's stuff and trying to adapt it, I just added it to spidermonkey in version 0.82 .

If you're a windows admin I would suggest sticking with voogru's since you won't have to put up with my banner when ppl join your server,
but if you're a linux admin and u just can't wait for the fix, then here u go.

Besides the banner, admins don't have to worry about spidermonkey mucking with anything else on their server, it doesn't do anything on it's own. It just adds serverside commands that can be found in the readme

tlarmon · December 2002

I think I speak for a lot of admins, voogru, when I say THANK YOU! I'll be sure to check out your fine server sometime <img src='http://www.unknownworlds.com/forums/html/emoticons/wink.gif' border='0' valign='absmiddle' alt='wink.gif'>

P.S. Thanks for not adding anything extra (ie, banners).

<img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' valign='absmiddle' alt='tounge.gif'> <img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' valign='absmiddle' alt='tounge.gif'> <img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' valign='absmiddle' alt='tounge.gif'> (nudge)

MercsDragon · December 2002

Thank you very much. I've gotten very tired of people doing that.

Gelantious · December 2002

Theiggsta · December 2002

Call me a linux newbie, but any info on compiling this under linux?

a makefile would be nice <img src='http://www.unknownworlds.com/forums/html/emoticons/wink.gif' border='0' valign='absmiddle' alt='wink.gif'>

Epoch · December 2002

I believe I am in the same situation as Theiggsta. Makefile, makefile! <img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' valign='absmiddle' alt='tounge.gif'>

Very nice work by the way.

coil · December 2002

Well done, voogru.

HtNickoli · December 2002

</span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Theiggsta @ Dec 19 2002, 08:07 AM)</td></tr><tr><td id='QUOTE'>Call me a linux newbie, but any info on compiling this under linux?

a makefile would be nice <img src='http://www.unknownworlds.com/forums/html/emoticons/wink.gif' border='0' valign='absmiddle' alt='wink.gif'></td></tr></table><span class='postcolor'>
You will need the AdminMod install directory to compile AM scripts.

cd Adminmod/scripting/myscripts <--place the .sma file there

Edit the .sma to your likeings, Or leave it alone if your unsure.

then to compile it.

./compile name.sma
or
./compile_all

Lacking any error's, you should now have a .amx file in your Adminmod/scripting/mybinaries. Or ../mybinaries

Move or copy to your hlds_l/addons/adminmod/scripts
Make entry in your plugin.ini.
Reload the map.

FYI1: Admin_Reload, will only reload your ini or config files. It wont force a plugin reload until map reloads.
FYI2: You should ALWAYS use the -a switch when unzipping things in linux. IE: unzip -a name.zip.

EDIT:

LOL, OPS. Actually took a look at the attachment. This is not a adminmod plugin(see what happens when you make assumptions. Good thing I just had a shower. Foot doesn't taste so bad.). Its a metamod plugin. So although the above is how to compile adminmod plugins, it's not needed for this. This script is already compiled. Both win32 and *unix bins are included. Just place the .so file in your hlds_l/ns/addons/metamod/dlls. and edit your metamod.ini file.

cracker_jackmac · December 2002

mucho errors still on voogru's plugin (for linux)

gcc -I../includes -o 104fix.so voogru_api.cpp 2> ../help.txt

yes i did it with unzip -a

but i'm use to having a make file as well....i bet i'm missing a silly flag as i'm not use to running gcc for myself.

voogru · December 2002

Dont forget you need to download the metamod source code to compile it. The source code for MM goes in the "src" folder.

Update:

My site appears to be down so i put the file up on my game server.

<a href='http://www.voogru.net/www/bugfix.zip' target='_blank'>http://www.voogru.net/www/bugfix.zip</a>

I included the needed metamod files, so for windows it should compile right out of the box.

Flayra · December 2002

Nice work. I've fixed this in v1.04 (the big reason for getting it done ASAP) and I'm hoping to release it before Xmas to nip this in the bud. Thanks.

cracker_jackmac · December 2002

</span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (voogru @ Dec 19 2002, 12:23 PM)</td></tr><tr><td id='QUOTE'>Dont forget you need to download the metamod source code to compile it. The source code for MM goes in the "src" folder.

Update:

My site appears to be down so i put the file up on my game server.

<a href='http://www.voogru.net/www/bugfix.zip' target='_blank'>http://www.voogru.net/www/bugfix.zip</a>

I included the needed metamod files, so for windows it should compile right out of the box.</td></tr></table><span class='postcolor'>
hahah, i'm an idiot

tlarmon · December 2002

Why don't you just compile a version for Win32 (.dll)? I have no idea how to compile this -- and there's no .dll file to use.

voogru · December 2002

</span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (tlarmon @ Dec 19 2002, 01:38 PM)</td></tr><tr><td id='QUOTE'>Why don't you just compile a version for Win32 (.dll)? I have no idea how to compile this -- and there's no .dll file to use.</td></tr></table><span class='postcolor'>
Ooops <img src='http://www.unknownworlds.com/forums/html/emoticons/wow.gif' border='0' valign='absmiddle' alt='wow.gif'>

forgot to include the dll in that zip, its on there now.

SandTyger · December 2002

I've got it installed. I'm able to:

meta load bugfix

And the bugfix will load. But how do I get it to load automatically? I tried putting:

// Load Bugfix
meta load bugfix

At the end of the server.cfg, but it didn't work.

-Brendan
aka SandTyger

voogru · December 2002

Add it to the plugins.ini for metamod

win32 dlls/bugfix.dll

saubloed · December 2002

</span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> ([WHO]Them @ Dec 19 2002, 08:16 AM)</td></tr><tr><td id='QUOTE'>I figure that linux admins need this fix as much as windows guys now that it's out in the open.

But instead of mucking around with voogru's stuff and trying to adapt it, I just added it to spidermonkey in version 0.82 .

If you're a windows admin I would suggest sticking with voogru's since you won't have to put up with my banner when ppl join your server,
but if you're a linux admin and u just can't wait for the fix, then here u go.

Besides the banner, admins don't have to worry about spidermonkey mucking with anything else on their server, it doesn't do anything on it's own. It just adds serverside commands that can be found in the readme</td></tr></table><span class='postcolor'>
Thank you! Great plugin!

Edit:
Hmm - i have many problems with it so i will try the other plugin.

Brutus · December 2002

If anybody compiles this for Linux please post it.

Here is a mirror for the win one.

www.cofrfps.com/downloads/bugfix.zip

Raptor091288 · December 2002

hey voogru... i believe you just gave away how to do it... not saying where but it looks like it, i'll check it out in a LAN game, not an internet game cause im not a little **obscenity** that is there to ruin ppls fun

voogru · December 2002

Yea if you look at the source youll see how to do it. Thats how i stop it.

It would be kinda impossible for me to release the source and hide that in it.

[WHO]Them · December 2002

</span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Raptor091288 @ Dec 19 2002, 10:36 PM)</td></tr><tr><td id='QUOTE'>hey voogru... i believe you just gave away how to do it... not saying where but it looks like it, i'll check it out in a LAN game, not an internet game cause im not a little **obscenity** that is there to ruin ppls fun</td></tr></table><span class='postcolor'>
That's why I added it to spidermonkey instead of just letting people who run linux servers wait it out till 1.04

This is definetly voogru's find, I'm totally out of the loop as far as bugs/exploits , had someone already managed to compile the bugfix for linux i wouldn't have bothered with adding it in to spidermonkey.

but that hasn't happened, so any server admin can install voogru's bugfix plugin for their windows server, or my spidermonkey plugin with the fix built in for their linux server.

So as long as the server admins are committed enough to their server to learn how to work metamod then it doesn't much matter how open it is

MayIPostNow · December 2002

printf("THANK YOU!");

Brutus · December 2002

Are all the other settings off by default on this spidermonkey plugin?

BioHazard · December 2002

voogru
i sent you a IM on another thing i found and would like to see if you could add to this plugin.

Small Exploit Fix.

Comments