Description
Description
Details
Details
- Committed
elexis Nov 7 2018, 11:56 PM - Parents
- rP21927: The files in this path were not marked as moved in rP21926...
- Branches
- Unknown
- Tags
- Build Status
Buildable 6433 Build 10655: Trigger Windows Autobuild Build 10654: Post-Commit Build Jenkins
Event Timeline
Comment Actions
This segfault was found by registering a dead STUN game at xpartamupp using #5335, then trying to join that game.
It's pretty bad as it can be used to segfault anyone who joined the lobby with 0ad that isnt hosting without any effort:
/** * This crashes (triggers a nullpointer-dereference / segfault fixed by https://code.wildfiregames.com/rP21928). * a player (identified by the given lobby username) that isn't hosting. * The attacker must be in the lobby UI page (because the XmppClient must be initialized and the NetClient may not be initialized). */ function kill(playername) { // published after a23 release } /** * This disconnects every player in the lobby except moderators and hosts. */ function killall() { openURL("https://www.youtube.com/watch?v=3WAOxKOmR90") Engine.PopGuiPage(); for (let player of Engine.GetPlayerList()) kill(player.name); }
The lobby administrator can track STUN join requests (in particular the spammed one) using:
clear; grep 'session-initiate' /var/log/ejabberd/ejabberd.log | grep jingle | awk -F"to=" '{print $2}' | awk -F"type=" '{print $1}'
And the players who host with STUN are found using:
clear; grep '<<"hostUsername">>\|<<"stunIP">>\|jabber:iq:gamelist' /var/log/ejabberd/ejabberd.log
or
clear; grep "xmlns='jabber:iq:gamelist'><game" /var/log/ejabberd/ejabberd.log