24.09.2009, 10:10
After experiencing some idiot hackers on my server i found out that LADMIN has an exploit in it,
On report there's a strval bug that if you put more than 50+ characters it crashes the pawn runtime disables commands,
For example: /report 99999999999999999999999999999999999999999999999999 9
So i'd though i'd help out by releasing just this snippet of code to patch the exploit.
Pawno:
Replace code from Line 3183 to 3187
With THIS CODE:
I'd HIGHLY recommend you update your code if you're using LADMIN otherwise you are in serious danger if you have a popular server.
=Credits=
Script, Of course - LethaL
Patch code - Zezombia.
Posting/Informatics - FrostBytez
On report there's a strval bug that if you put more than 50+ characters it crashes the pawn runtime disables commands,
For example: /report 99999999999999999999999999999999999999999999999999 9
So i'd though i'd help out by releasing just this snippet of code to patch the exploit.
Pawno:
Replace code from Line 3183 to 3187
With THIS CODE:
Код:
dcmd_report(playerid,params[]) {
if(strlen(params) > 40) return 1;
new reported, tmp[256], tmp2[256], Index; tmp = strtok(params,Index), tmp2 = strtok(params,Index);
if(!strlen(params)) return SendClientMessage(playerid, red, "USAGE: /report [playerid] [reason]");
reported = strval(tmp);
=Credits=
Script, Of course - LethaL
Patch code - Zezombia.
Posting/Informatics - FrostBytez