Vulnerabilities on receiving null commands
#19

Quote:
Originally Posted by kurta999
This is not fixed.

pawn Code:
public OnFilterScriptInit()
{
    new empty[16]; // Not assigned a string, so it is null. Formatting it as "" will add the \0 character to the first byte

    CallLocalFunction("test", "s", empty); // afaik print doesn't crash with empty strings, CallLocalFunction does
    return 1;
}

forward test(aaa[]);
public test(aaa[])
{
    print(aaa);
    return 1;
}

That has been a problem for a very long time. It can be easily fixed by adding an isnull check before CallLocal/RemoteFunction. What I am talking about here is that cheaters can send a 0-length command (even without the slash) to the server, causing weird crashes.

As far as we discussed here, such an attack can be easily blocked by an isnull check before processing your commands. I even made it ban the cheater if the command checked is null. I tested my script with similar empty command hacks that can be easily found, and it successfully blocks the attack.

It is good if it is fixed in 0.3x, but I think we can't detect if anybody tries to attack the server.
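Added example, not part of the original post or thread: one way to apply the isnull check described above, both before CallLocalFunction and at the top of command handling. The isnull macro is the definition commonly used in SA-MP scripts (it is not shown on this page), and the CallTestSafely helper and the "\1" placeholder convention are assumptions made for illustration.

```pawn
#include <a_samp>

// Commonly used community definition of isnull (assumption: not from this page).
// It treats both "" and the one-character "\1" placeholder as empty.
#if !defined isnull
    #define isnull(%1) ((!(%1[0])) || (((%1[0]) == '\1') && (!(%1[1]))))
#endif

forward test(aaa[]);

// Hypothetical helper: never hand a zero-length string to CallLocalFunction.
stock CallTestSafely(text[])
{
    if (isnull(text))
    {
        // Pass a placeholder instead; the callee's isnull() check
        // still recognises it as an empty argument.
        return CallLocalFunction("test", "s", "\1");
    }
    return CallLocalFunction("test", "s", text);
}

public OnFilterScriptInit()
{
    new empty[16]; // all cells are zero, so empty[0] == '\0'
    CallTestSafely(empty);
    return 1;
}

public test(aaa[])
{
    if (isnull(aaa))
    {
        print("test: empty argument");
        return 1;
    }
    print(aaa);
    return 1;
}

public OnPlayerCommandText(playerid, cmdtext[])
{
    // Reject zero-length input before any parsing or dispatch happens.
    if (isnull(cmdtext))
    {
        printf("[security] empty command received from player %d", playerid);
        return 1; // treated as handled, nothing else runs on it
    }
    return 0; // fall through to the script's own command handling
}
```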


Messages In This Thread
Vulnerabilities on receiving null commands - by leong124 - 22.12.2012, 08:31
Re: Vulnerabilities on receiving null commands - by ev0lution - 22.12.2012, 09:18
Re: Vulnerabilities on receiving null commands - by AndreT - 22.12.2012, 09:24
Re: Vulnerabilities on receiving null commands - by leong124 - 22.12.2012, 09:32
Re: Vulnerabilities on receiving null commands - by ev0lution - 22.12.2012, 09:59
Re: Vulnerabilities on receiving null commands - by Kar - 23.12.2012, 04:22
Re: Vulnerabilities on receiving null commands - by Lorenc_ - 23.12.2012, 07:17
Re: Vulnerabilities on receiving null commands - by leong124 - 26.12.2012, 18:42
Respuesta: Vulnerabilities on receiving null commands - by Jupit3r - 27.12.2012, 12:20
Re: Vulnerabilities on receiving null commands - by Lorenc_ - 27.12.2012, 22:52
Re: Vulnerabilities on receiving null commands - by leong124 - 28.12.2012, 08:16
Re: Vulnerabilities on receiving null commands - by ikkentim - 05.01.2013, 10:00
Re: Vulnerabilities on receiving null commands - by leong124 - 05.01.2013, 11:46
Re: Vulnerabilities on receiving null commands - by mastermax7777 - 06.01.2013, 04:10
Re: Vulnerabilities on receiving null commands - by leong124 - 06.01.2013, 14:19
Re: Vulnerabilities on receiving null commands - by Karlip - 08.01.2013, 15:47
Re: Vulnerabilities on receiving null commands - by leong124 - 08.01.2013, 19:30
Re: Vulnerabilities on receiving null commands - by kurta999 - 08.01.2013, 20:23
Re: Vulnerabilities on receiving null commands - by leong124 - 09.01.2013, 08:06
