The callsigns used by the clients are not checked or re-delimited by the server so is possible for a client to pass a callsign with no NULL bytes at its end causing problems (crash) to the server during the handling of this string. On both Linux and Windows for x86 (using the precompiled packages) I have reached the server crash without problems but is possible that in some configurations the crash could happen after many tries or also never, depending by how the memory is handled on that platform. The bug can be exploited also versus password protected servers without knowing the right keyword. http://aluigi.altervista.org/adv/bzflagboom-adv.txt
One more on games team plate. Too bad Luigi decided to do more auditing on games servers while our games team is silent :)
it's masked.
Can bzflag be split into server and client ebuilds? It sounds like this doesn't affect the client.
No masking GLSA as this is not a critical security issue. Setting this to enhancement to remember to remove bzflag at some point in the future. Asking to separate between server and client should be done a separate non-security bug, assigend to teh games team.
remove? For about a 4 lines patch to apply ? :( I love bzflag
At comment #5: which 4-line patch, Tupone? Please attach?
Created attachment 82128 [details, diff] bzflag-callsignfix.patch Patch to fix callsign, and others, ... overflow
Tupone: feel free to fix the package and unmask it instead, as an actual fix is *always* the preferred solution.
Fixed in CVS. Please stabilize bzflag-2.0.4.20050930
I meant to stabilize bzflag-2.0.4.20050930-r1 Sorry
security flaw fixed. package unmasked
I've marked this stable on x86.
stable on amd64.
It was marked stable on ppc I think bug could be closed
This one is ready for GLSA decision. I tend to vote NO.
I tend to vote NO too for DoS on game server. Closing, feel free to reopen if you disagree.
