SERVER BUGFIX for wwwdl bug

by EYJohn 24 Jul 2010, 12:51 ForumsEnemy Territory
This server patch fixes the wwwdl based exploit that causes all players to disconnect from all patches (including ettv). The fix is available here

LINUX http://www.ycn-hosting.com/downloads/bugfixes/et_www_fix/

Windows: http://www.trickjump.me/dl/dl.php?file=ETDED_Win_wwwdl_overflow_fix.zip (linked by Norway Dinius)


Further information about how to apply the fix yourself can be found here:
http://bani.anime.net/banimod/forums/viewtopic.php?t=6777&start=60
Thanks go to ReyalP

p.s. YCN-Hosting has already updated all servers, you will need to restart the server for the fix to apply
Comments
26
potty 24 Jul 2010, 14:04
Thanks john your awesome! See you next weekend :)
Enigma 24 Jul 2010, 14:04
what error was that?
EYJohn 24 Jul 2010, 14:18
in the log it appears something like

SV_WWWDownload: unexpected wwwdl SOMETHING for client EYJohn

(the SOMETHING changes based on the attack command)

This bug normally causes all players to disconnect when the the command is run by an attacker.

After the fix, it still shows up in the log, but only the attacker gets kicked
Parent
Deuger 24 Jul 2010, 14:58
what file do I put and where?

yes I know, i'm a nub :P
EYJohn 24 Jul 2010, 15:19
If you're on a linux host, then you need to put this file in the root directory , replacing the old etded.x86 , or ettv.x86 depending on what your server runs.

Please note these files are only for linux atm
Parent
Deuger 25 Jul 2010, 18:57
its a linux host but cant find that file :o
Parent
EYJohn 26 Jul 2010, 11:06
Ask your host about it, some hosts dont let users upload their own executable files and us stock installs, notify them about this fix and if they are good then they'll deal with it for you.
Parent
Krosan 24 Jul 2010, 15:08
Evgeny does it again! :°)
arni 24 Jul 2010, 15:09
has anyone tested the ettv.x86 yet - stable?

anything changed except for the bug (since last inofficial release?)
EYJohn 24 Jul 2010, 15:18
I tested that for some one to connect only but i see no reason for it the changes to cause any stability problems:

The only thing changed was one byte around this region:
SV_WWWDownload: unexpected wwwdl %s
->
SV_WWWDownload: unexpected wwwdl %x

I dont have the exact byte reference since i did this the lazy way

Apart from that it is the same file.
this is the source file md5 if you want to check:
5591409e64efe82b58cd2223f1fd5ffb /gsadmin/usr/games/et/base/et-2.60/ettv.x86.old
Parent
arni 24 Jul 2010, 16:20
okay, thanks for the infos, but gtvd is currently on this version:

72ba81727034d7688d7e3119a481d196 ettv.x86

which has the following version sting:

ETTV 1.0 linux-i386 Apr 10 2007

that version was never officially released, but contains a few bugfixes (i guess) - just want to make sure, that this fix is based on what we had before and not the lastest official release
Parent
Burneddi 24 Jul 2010, 20:37
I've an YCN server and it says ETTV 1.0 linux-i386 Aug 15 2006
Parent
reya1p 25 Jul 2010, 04:35
It should be safe to apply the fix described at http://bani.anime.net/banimod/forums/viewtopic.php?t=6777&start=60 to any version of etded or ettv, all it does is prevent an over long string being put in a client kick message.
Parent
plekter 27 Jul 2010, 23:25
sigh.. them guys gotta learn how to sprintf, basically same bug as RtCW crashing if you have a too fancy graphics adapter
Parent
GoodGuyGary 24 Jul 2010, 16:24
is it automatically installed on all YCN servers?
EYJohn 24 Jul 2010, 17:41
You need to restart your server for it to apply but its already installed
Parent
l4z 24 Jul 2010, 17:46
To koniec zabawy panie "xxx" z kikowaniem ludzi :DDD
Panda 24 Jul 2010, 20:23
Is this the same exploit pale was selling? l0L
Burneddi 24 Jul 2010, 20:48
I guess he was supposed to sell it but it leaked before that... It was leaked by the Cybergames admin who figured out how to reproduce it when he (pale) tried it on cyber
Parent
ng 26 Jul 2010, 18:04
bbl8er
unforgiven 26 Jul 2010, 18:07
this is only for et pro servers or works as well for the jaymod ones?
EYJohn 26 Jul 2010, 19:08
Works for all mods, this is a patch to the game, and not to the mod
Parent
Dinius 26 Jul 2010, 19:15
Engine*, both the engine and the "mod" makes up the "game" :PP
Parent
EYJohn 26 Jul 2010, 21:19
Yea thats what i meant... , funny enough i'm normally the person making that correction ^^
Parent
Back to top