Activity
From 2007-09-16 to 2007-09-29
2007-09-22
2007-09-16
- 19:30 Revision 9b5cdd3d (github): re-instate debug guards left out in svn commit 5032
- 19:25 Revision 28880f02 (github): Attempt to fix CVE-2007-4642 - undelimited strcpy in PKT_CHAT - know known exploits of this. Fix works by utilising a smarter string copy that is bounds checked to ensure all strings are null terminated - even if it means discarding input
- 18:52 Revision 9554766a (github): Attempt to fix CVE-2007-4642 - Luigi Auriemma's exploit 4 static buffer-overflow in NetSv_ReadCommands no longer effective. Fix works by discarding all commands in excess of MAX_COMMANDS
- 16:52 Revision c904eeb8 (github): Block off other possible msgBuff overflow vectors - no known exploits for these - yet
- 16:48 Revision 934ec2cb (github): Attempt to fix CVE-2007-4642 - Luigi Auriemma's exploit 1 D_NetPlayerEvent global buffer-overflow using PKT_CHAT and exploit 2 Msg_Write global buffer-overflow through PKT_CHAT no longer effective. Fix works by clamping the copying to NETBUFFER_MAXMESSAGE chars at most
Also available in: Atom