SA-MP Forums Archive
0.3x-R2 client security update (pre-release 2) - Printable Version




0.3x-R2 client security update (pre-release 2) - Kalcor - 02.01.2014

An SA-MP client update (0.3x-R2) will soon be available to address some security issues. It is being released in this section temporarily for testing.

Please don't use this thread to say 'thanks' etc. This thread is for feedback about the new client to make sure nothing is broken before it is released.

SA-MP 0.3x-R2 client update

An exploitable vector exists in the client portion of SA-MP's TextDraw system. A malicious server owner might be able to execute arbitrary code on the SA-MP client by sending a specially crafted string.

This is normally only a problem if you join untrustworthy servers. So far we haven't seen any servers using the exploit against their players. It's still highly recommended that everyone update to this new client once it is released.

Fixes:

- Fixes buffer overflow in client portion of the TextDraw system.
- Fixes the game's improper handling of '~' format codes in TextDraws.
- Fixes for mouse control being lost when going between SA-MP and the GTA:SA (Esc) menu.
- Fixes the server browser's improper handling of malformed data from the server.

This pre-release client is being made available to test the fixes to the mouse control. On many systems, the mouse control will be lost when you enter the GTA:SA menu, and mouse control over the game will also be lost when you return from the menu. Many people have solved this problem using the 'mousefix.asi' addon, although this should no longer be needed.

Please report if you experience any problems with the new update.

Updates:

0.3x-R2 Client Pre-release 2:

- Fixes 'Range Check' error in server browser.
- Various TextDraw format code fixes.

Download:
0.3x-R2 Client (Pre-release 2)
0.3x-R2 Client (Pre-release 1)


Re: 0.3x-R2 client security update (pre-release) - DrTHE - 02.01.2014

After the update, one TextDraw that was green went on to appear white (there was no change in the script)

Before


After


source: http://forum.sa-mp.com/showthread.ph...55#post2846955


Re: 0.3x-R2 client security update (pre-release) - Meta - 03.01.2014

Wow, finally that mouse problem is gone
Nice work, security updates are always good to have.

EDIT:
Now I experience a

when I try to join any server from the server browser.


Re: 0.3x-R2 client security update (pre-release) - FUNExtreme - 03.01.2014

While testing this release I've come up to an error stating "Error: can't use k-codes in long string".
The error pops up with the FIRST string in the code below, the rest of the strings are included because even though some are longer, they do not give the error.

Note: The command in which this textdraw string is used has been in a public server for 2 weeks now (and a lot longer in testing), but not once has a player reported crashes caused by this.

Code:
{"Abandoned Airport~n~Bridge Jump~n~BMX Parkour~n~Dead Jump~n~Base Jump~n~Kermis Jump~n~Loop Ride~n~Roller Coaster~n~Roof Stunt~n~Clown Pocket Jump~n~Trampoline~n~Underground Jump~n~Underground Airport~n~Way To Death~n~Hop Da Hop~n~NRG Parkour 1~n~NRG Parkour 2~n~Small Jump~n~Drift 1~n~Drift 2"},
{"Drift 3~n~Drift 4~n~Drift 5~n~Drift 6~n~Drift 7~n~Drift 8~n~Drift 9~n~Drift 10~n~Arch Angels Tuning Shop~n~LocoLow Savanna Tuning Shop~n~Las Venturas Airport~n~Los Santos Airport~n~San Fierro Airport~n~Mount Chilliad~n~San Fierro~n~Los Santos~n~Las Venturas~n~Grove Street~n~Sky Road 1~n~Cool Jump"},
{"Water Jump 1~n~Water Jump 2~n~Huge Jump~n~SkatePark~n~Big Jump~n~Building Jump~n~Sky Road 2~n~The House~n~The Ship~n~Four Dragons Casino~n~Warehouse Deathmatch~n~Island Deathmatch~n~Police Deathmatch~n~Dam Deathmatch~n~Liberty Deathmatch~n~Base Deathmatch~n~Arena Deathmatch~n~Zombotech Deathmatch~n~Factory Deathmatch~n~Rooftop Deathmatch"},
{"Massive Jump~n~The First RSW Race~n~Las Venturas Race~n~San Fierro Madness~n~Hospital Race~n~Race Five~n~Beach Race~n~Casino Race~n~Area 51 Race~n~Escape Los Santos~n~Escape San Fierro~n~Chilliad Race~n~Offroad Race~n~San Fierro Drift~n~Channel Race~n~Maddog Race~n~vRock Hotel Race~n~Railroad Race~n~Damn Race~n~Las Venturas Highway"},
{"Las Venturas Drag~n~Kingring Race~n~Desert Race~n~San Fierro Drag~n~Los Santos Drag~n~County Drag~n~Jump Race~n~Catalina Race~n~Ranger Race~n~Beach Line Race~n~Los Santos Yards~n~NRG Race"}
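
The error reported in this post is about k-codes, the `~k~~ACTION_NAME~` key-mapping form of the '~' format codes. The following C code is an added example, not SA-MP's code and not from the thread: it scans a TextDraw string once, counts its codes, and rejects strings that are too long or contain an unclosed or unrecognised '~' sequence. The accepted code letters, the `max_len` limit and all function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* One-pass counts: single-letter codes (~n~, ~g~), ~k~~ACTION_NAME~ key codes,
   malformed sequences (unclosed '~', ~k~ with no name) and unknown codes. */
struct td_scan { size_t length; int codes, key_codes, malformed, unknown; };

/* Assumed set of single-letter codes; not taken from the SA-MP client. */
static const char TD_CODES[] = "nrgbwyplh";
/* First string from the post above, copied as posted. */
static const char TD_SAMPLE[] = "Abandoned Airport~n~Bridge Jump~n~BMX Parkour~n~Dead Jump~n~Base Jump~n~Kermis Jump~n~Loop Ride~n~Roller Coaster~n~Roof Stunt~n~Clown Pocket Jump~n~Trampoline~n~Underground Jump~n~Underground Airport~n~Way To Death~n~Hop Da Hop~n~NRG Parkour 1~n~NRG Parkour 2~n~Small Jump~n~Drift 1~n~Drift 2";

struct td_scan td_scan_string(const char *s)
{
    struct td_scan r = { strlen(s), 0, 0, 0, 0 };
    const char *p = s;
    while ((p = strchr(p, '~')) != NULL) {
        const char *close = strchr(p + 1, '~');
        if (close == NULL) { r.malformed++; break; }   /* '~' never closed */
        if (close - p == 2 && p[1] == 'k') {   /* needs ~NAME~ directly after */
            const char *end = (close[1] == '~') ? strchr(close + 2, '~') : NULL;
            if (end == NULL) { r.malformed++; break; }
            r.key_codes++;
            close = end;
        } else if (close - p == 2 && strchr(TD_CODES, p[1]) != NULL) {
            r.codes++;
        } else {
            r.unknown++;
        }
        p = close + 1;
    }
    return r;
}

/* 1 if the string fits max_len and every '~' belongs to a recognised code. */
int td_string_ok(const char *s, size_t max_len, int allow_key_codes)
{
    struct td_scan r = td_scan_string(s);
    if (r.length > max_len || r.malformed || r.unknown) return 0;
    return allow_key_codes || r.key_codes == 0;
}

int main(void)
{
    struct td_scan r = td_scan_string(TD_SAMPLE);
    printf("codes=%d key_codes=%d ok=%d\n", r.codes, r.key_codes, td_string_ok(TD_SAMPLE, 1024, 0));
    return 0;
}
```

Run on the posted string, the scan finds only `~n~` codes and no key codes.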



AW: Re: 0.3x-R2 client security update (pre-release) - d0 - 03.01.2014

Quote:
Originally Posted by DrTHE
After the update, one TextDraw that was green went on to appear white (there was no change in the script)

Before


After

Could you provide code to reproduce this issue?

Quote:
Originally Posted by FUNExtreme
While testing this release I've come up to an error stating "Error: can't use k-codes in long string".
The error pops up with the FIRST string in the code below, the rest of the strings are included because even though some are longer, they do not give the error.

Note: The command in which this textdraw string is used has been in a public server for 2 weeks now (and a lot longer in testing), but not once has a player reported crashes caused by this.

Code:
{"Abandoned Airport~n~Bridge Jump~n~BMX Parkour~n~Dead Jump~n~Base Jump~n~Kermis Jump~n~Loop Ride~n~Roller Coaster~n~Roof Stunt~n~Clown Pocket Jump~n~Trampoline~n~Underground Jump~n~Underground Airport~n~Way To Death~n~Hop Da Hop~n~NRG Parkour 1~n~NRG Parkour 2~n~Small Jump~n~Drift 1~n~Drift 2"},
{"Drift 3~n~Drift 4~n~Drift 5~n~Drift 6~n~Drift 7~n~Drift 8~n~Drift 9~n~Drift 10~n~Arch Angels Tuning Shop~n~LocoLow Savanna Tuning Shop~n~Las Venturas Airport~n~Los Santos Airport~n~San Fierro Airport~n~Mount Chilliad~n~San Fierro~n~Los Santos~n~Las Venturas~n~Grove Street~n~Sky Road 1~n~Cool Jump"},
{"Water Jump 1~n~Water Jump 2~n~Huge Jump~n~SkatePark~n~Big Jump~n~Building Jump~n~Sky Road 2~n~The House~n~The Ship~n~Four Dragons Casino~n~Warehouse Deathmatch~n~Island Deathmatch~n~Police Deathmatch~n~Dam Deathmatch~n~Liberty Deathmatch~n~Base Deathmatch~n~Arena Deathmatch~n~Zombotech Deathmatch~n~Factory Deathmatch~n~Rooftop Deathmatch"},
{"Massive Jump~n~The First RSW Race~n~Las Venturas Race~n~San Fierro Madness~n~Hospital Race~n~Race Five~n~Beach Race~n~Casino Race~n~Area 51 Race~n~Escape Los Santos~n~Escape San Fierro~n~Chilliad Race~n~Offroad Race~n~San Fierro Drift~n~Channel Race~n~Maddog Race~n~vRock Hotel Race~n~Railroad Race~n~Damn Race~n~Las Venturas Highway"},
{"Las Venturas Drag~n~Kingring Race~n~Desert Race~n~San Fierro Drag~n~Los Santos Drag~n~County Drag~n~Jump Race~n~Catalina Race~n~Ranger Race~n~Beach Line Race~n~Los Santos Yards~n~NRG Race"}

Same issue here. Must be an issue with the detection of k-codes as the strings you provided don't contain any of these.


Re: 0.3x-R2 client security update (pre-release) - Redirect Left - 03.01.2014

This update breaks some of the colors on my server, although I have no idea why. Would you like to tell me proper usage of colors, so I can figure out why it doesn't work and where I am going wrong?


AW: Re: 0.3x-R2 client security update (pre-release) - d0 - 03.01.2014

Quote:
Originally Posted by Redirect Left
This update breaks some of the colors on my server, although I have no idea why. Would you like to tell me proper usage of colors, so I can figure out why it doesn't work and where I am going wrong?

Could you provide an example? (with pictures?)


Re: 0.3x-R2 client security update (pre-release) - xeeZ - 03.01.2014

Quote:
Originally Posted by Meta
Wow, finally that mouse problem is gone
Nice work, security updates are always good to have.

EDIT:
Now I experience a

when I try to join any server from the server browser.

Same error here (Windows 8.1), can't connect even to localhost


Re: AW: Re: 0.3x-R2 client security update (pre-release) - Mandrakke - 03.01.2014

Quote:
Originally Posted by d0
Could you provide code to reproduce this issue ?



Same issue here. Must be an issue with the detection of k-codes as the strings you provided don't contain any of these.

Here is the portion of code you need to reproduce the error:
pawn Code:
new DiasDaSemanaX[7][10] = {
    "Domingo",
    "Segunda",
    "Terca",
    "Quarta",
    "Quinta",
    "Sexta",
    "Sabado"
};
pawn Code:
new Text:Relogio;
pawn Code:
new irelogio[64];
pawn Code:
Relogio=TextDrawCreate(610,10,"00:00");
TextDrawLetterSize(Relogio,0.5,1.8);
TextDrawFont(Relogio,3);
TextDrawAlignment(Relogio,3);
TextDrawBackgroundColor(Relogio,0x000000FF);
TextDrawSetOutline(Relogio,1);
TextDrawBoxColor(Relogio, 0x000000FF);
TextDrawSetShadow(Relogio,1);
pawn Code:
format(irelogio,sizeof(irelogio),"~g~%s ~n~0%d:0%dhs",DiasDaSemanaX[DiaDaSemana],Hrs,Min); // Replace DiasDaSemanaX[DiaDaSemana] with DiasDaSemanaX[3] or another array item.
pawn Code:
if(strlen(irelogio)) TextDrawSetString(Relogio,irelogio);
pawn Code:
public OnPlayerSpawn(playerid)
{
    TextDrawShowForPlayer(playerid,Relogio);
    return 1;
}

Sorry about the delay, I have no time


Re: 0.3x-R2 client security update (pre-release) - iZN - 03.01.2014

Quote:
Originally Posted by xeeZ
Same error here (Windows 8.1), can't connect even to localhost

Same issue, using Windows 8 Pro x64.


Re: 0.3x-R2 client security update (pre-release 2) - d0 - 15.01.2014

Quote:
Originally Posted by ikey07
Any possible dates when this version could be officially released?

Check http://sa-mp.com/download.php (Client 0.3x R2)


Re: 0.3x-R2 client security update (pre-release 2) - ikey07 - 15.01.2014

Oh thanks, this topic should be moved to News and Updates, that's why I was wondering why players complain that they can't connect, as I kicked players who didn't use the R1-2 version


Respuesta: Re: 0.3x-R2 client security update (pre-release 2) - IvanAyuso - 16.01.2014

Quote:
Originally Posted by d0
Check http://sa-mp.com/download.php (Client 0.3x R2)

And it's totally official and is well tested without errors?



Re: Respuesta: Re: 0.3x-R2 client security update (pre-release 2) - dugi - 16.01.2014

Quote:
Originally Posted by IvanAyuso
And it's totally official and is well tested without errors?

It is


Re: 0.3x-R2 client security update (pre-release 2) - Locky_ - 31.01.2014

Quote:
Originally Posted by d0
Check http://sa-mp.com/download.php (Client 0.3x R2)

d0, forgot to update the server (0.3x R2 patch1) for download in http://sa-mp.com/download.php