
From the xpilot hacks mailing list:
Hi.
When running a server, I've stumbled upon 2 bugs in the XPilot
server, which both can potentially crash it. I believe the bugs affect
all of the currently running XPilot servers.
The more serious bug is in the server '/get' command, where
getting the value of a string option (type char *) with value NULL
(for example option serverhost) will result in a strlcpy() call with a
source of NULL.
The other bug is in the rfrac() function. The function casts its
return value to DFLOAT (float on Unix-like systems), potentially making
the value equal to 1.0 (this happens if randomMT() returns a value greater
or equal to 0xffffff80). The problem with this is that rfrac() is
often used to obtain a random index for an array, gradually leading to
server memory corruption, and a crash.
Uoti Urpala has fixed these bugs in Improved XPilot, version
4.5.4X2. People running 4.5.4X or 4.5.4X-1 servers should upgrade to
4.5.4X2. Here's a tarball for Unix:
http://www.hut.fi/~ksoderbl/xpilot/xpilot-4.5.4X2.tar.gz
I've made a patch for XPilot 4.5.4:
http://xpilot.sourceforge.net/patches/null.diff
Have a nice day,
Kristian Söderblom
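
The rfrac() rounding problem described in the message above, as an added example that is not part of the original post or of XPilot's source. The names rfrac_model(), index_unsafe(), index_safe() and first_bad_input() are hypothetical, and the integer-scaling alternative is an assumption, not the change made in 4.5.4X2.

```c
/* Added illustration: hypothetical stand-ins, not XPilot source. */
#include <stdint.h>
#include <stdio.h>

/* Models a [0,1) fraction built from a 32-bit random word and then
 * narrowed to float (DFLOAT on Unix-like systems, per the post). */
static float rfrac_model(uint32_t r)
{
    double exact = (double)r / 4294967296.0; /* always < 1.0 as a double */
    return (float)exact;   /* 24-bit mantissa: values near 1 round up to 1.0f */
}

/* Risky pattern: scale the fraction to pick an array index. */
static int index_unsafe(uint32_t r, int n)
{
    return (int)(rfrac_model(r) * n);        /* yields n when fraction == 1.0f */
}

/* One defensive alternative (assumption): pure integer scaling,
 * the result is always in [0, n). */
static int index_safe(uint32_t r, int n)
{
    return (int)(((uint64_t)r * (uint32_t)n) >> 32);
}

/* Smallest 32-bit input whose float fraction reaches 1.0f.
 * Rounding is monotonic, so a binary search is sufficient. */
static uint32_t first_bad_input(void)
{
    uint32_t lo = 0, hi = UINT32_MAX;
    while (lo < hi) {
        uint32_t mid = lo + (hi - lo) / 2;
        if (rfrac_model(mid) >= 1.0f) hi = mid; else lo = mid + 1;
    }
    return lo;
}

int main(void)
{
    enum { N = 16 };                          /* constructed array size */
    uint32_t samples[] = { 0x00000000u, 0xffffff7fu, 0xffffff80u, 0xffffffffu };
    printf("first input rounding to 1.0f: 0x%08x\n", (unsigned)first_bad_input());
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("r=0x%08x unsafe=%d safe=%d (valid: 0..%d)\n", (unsigned)samples[i],
               index_unsafe(samples[i], N), index_safe(samples[i], N), N - 1);
    return 0;
}
```

The search lands on 0xffffff80 because 1 - 2^-25 lies exactly halfway between the largest float below 1.0 and 1.0 itself, and round-to-nearest-even picks 1.0.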