
Prevent segfault when receiving a STUN connection request while not hosting…

Description

Prevent segfault when receiving a STUN connection request while not hosting, refs rP19703 / D364.

Event Timeline

elexis added a comment. Nov 8 2018, 1:43 PM

This segfault was found by registering a dead STUN game at xpartamupp using #5335, then trying to join that game.

It's pretty bad as it can be used to segfault anyone who joined the lobby with 0ad that isn't hosting without any effort:

/**
 * This crashes (triggers a nullpointer-dereference / segfault fixed by https://code.wildfiregames.com/rP21928)
 * a player (identified by the given lobby username) that isn't hosting.
 * The attacker must be in the lobby UI page (because the XmppClient must be initialized and the NetClient may not be initialized).
 */
function kill(playername)
{
  // published after a23 release
}

/**
 * This disconnects every player in the lobby except moderators and hosts.
 */
function killall()
{
	openURL("https://www.youtube.com/watch?v=3WAOxKOmR90")
	Engine.PopGuiPage();

	for (let player of Engine.GetPlayerList())
		kill(player.name);
}

The lobby administrator can track STUN join requests (in particular the spammed one) using:

clear; grep 'session-initiate' /var/log/ejabberd/ejabberd.log | grep jingle | awk -F"to=" '{print $2}' | awk -F"type=" '{print $1}'

And the players who host with STUN are found using:

clear; grep '<<"hostUsername">>\|<<"stunIP">>\|jabber:iq:gamelist' /var/log/ejabberd/ejabberd.log

or

clear; grep "xmlns='jabber:iq:gamelist'><game" /var/log/ejabberd/ejabberd.log
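
An added example, not part of the comment above or of the project's code: it extends the first pipeline to count Jingle session-initiate requests per recipient, so a burst of join requests stands out in the log. The sample log lines, the `lobby.example` domain, the user names and the function names are constructed; real ejabberd log lines carry a different prefix.

```shell
#!/bin/sh
# Constructed sample lines for offline testing (not real ejabberd output).
make_sample_log() {
    cat <<'EOF'
2018-11-08 13:40:01 <iq to='alice@lobby.example/0ad' type='set' id='a1'><jingle xmlns='urn:xmpp:jingle:1' action='session-initiate'/></iq>
2018-11-08 13:40:02 <iq to='alice@lobby.example/0ad' type='set' id='a2'><jingle xmlns='urn:xmpp:jingle:1' action='session-initiate'/></iq>
2018-11-08 13:40:02 <iq to="bob@lobby.example/0ad" type="set" id="b1"><jingle xmlns="urn:xmpp:jingle:1" action="session-initiate"/></iq>
2018-11-08 13:40:03 <iq to='alice@lobby.example/0ad' type='set' id='a3'><jingle xmlns='urn:xmpp:jingle:1' action='session-initiate'/></iq>
2018-11-08 13:40:04 <iq to='carol@lobby.example/0ad' type='set' id='c1'><jingle xmlns='urn:xmpp:jingle:1' action='session-terminate'/></iq>
2018-11-08 13:40:05 <iq to='xpartamupp@lobby.example/CC' type='set' id='g1'><query xmlns='jabber:iq:gamelist'/></iq>
EOF
}

# stun_request_counts LOGFILE [THRESHOLD]
# Prints "COUNT BARE_JID" for each recipient of at least THRESHOLD
# session-initiate requests, busiest recipient first.
stun_request_counts() {
    log=$1
    threshold=${2:-1}
    # Same field extraction as the pipeline above: text between to= and type=.
    grep 'session-initiate' "$log" | grep jingle |
        awk -F"to=" '{print $2}' | awk -F"type=" '{print $1}' |
        # Drop quotes and trailing blanks, then the /resource part of the JID.
        sed -e "s/['\"]//g" -e 's/[[:space:]]*$//' -e 's|/.*$||' |
        sort | uniq -c |
        awk -v t="$threshold" '$1 >= t+0 {print $1, $2}' |
        sort -k1,1nr -k2,2
}

# Stand-alone use: sh script.sh /var/log/ejabberd/ejabberd.log 20
if [ -n "${1:-}" ]; then
    stun_request_counts "$@"
fi
```
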