Fix RakNet::RakString Security Bug
All checks were successful
minecraft-pi-reborn/pipeline/head This commit looks good
All checks were successful
minecraft-pi-reborn/pipeline/head This commit looks good
This commit is contained in:
parent
d114a2d668
commit
a9830c3bba
@ -1,5 +1,8 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
**2.1.4**
|
||||||
|
* Fix RakNet::RakString Security Bug
|
||||||
|
|
||||||
**2.1.3**
|
**2.1.3**
|
||||||
* Workaround Broken Library Search Path On Some ARM 32-Bit Systems
|
* Workaround Broken Library Search Path On Some ARM 32-Bit Systems
|
||||||
|
|
||||||
|
@ -360,6 +360,9 @@ static uint32_t FillingContainer_linked_slots_length_property_offset = 0x14; //
|
|||||||
|
|
||||||
// RakNet::RakString
|
// RakNet::RakString
|
||||||
|
|
||||||
|
typedef unsigned char *(*RakNet_RakString_t)(unsigned char *rak_string, const char *format, ...);
|
||||||
|
static RakNet_RakString_t RakNet_RakString = (RakNet_RakString_t) 0xea5cc;
|
||||||
|
|
||||||
typedef void (*RakNet_RakString_Assign_t)(unsigned char *rak_string, const char *str);
|
typedef void (*RakNet_RakString_Assign_t)(unsigned char *rak_string, const char *str);
|
||||||
static RakNet_RakString_Assign_t RakNet_RakString_Assign = (RakNet_RakString_Assign_t) 0xe9e34;
|
static RakNet_RakString_Assign_t RakNet_RakString_Assign = (RakNet_RakString_Assign_t) 0xe9e34;
|
||||||
|
|
||||||
|
@ -64,6 +64,16 @@ static void LoginPacket_read_injection(unsigned char *packet, unsigned char *bit
|
|||||||
free(new_username);
|
free(new_username);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Fix RakNet::RakString Security Bug
|
||||||
|
//
|
||||||
|
// RakNet::RakString's format constructor is often given unsanitized user input and is never used for formatting,
|
||||||
|
// this is a massive security risk, allowing clients to run arbitrary format specifiers, this disables the
|
||||||
|
// formatting functionality.
|
||||||
|
static unsigned char *RakNet_RakString_injection(unsigned char *rak_string, const char *format, ...) {
|
||||||
|
// Call Original Method
|
||||||
|
return (*RakNet_RakString)(rak_string, "%s", format);
|
||||||
|
}
|
||||||
|
|
||||||
// Init
|
// Init
|
||||||
void init_misc() {
|
void init_misc() {
|
||||||
if (feature_has("Remove Invalid Item Background", 0)) {
|
if (feature_has("Remove Invalid Item Background", 0)) {
|
||||||
@ -82,6 +92,9 @@ void init_misc() {
|
|||||||
// Sanitize Username
|
// Sanitize Username
|
||||||
patch_address(LoginPacket_read_vtable_addr, (void *) LoginPacket_read_injection);
|
patch_address(LoginPacket_read_vtable_addr, (void *) LoginPacket_read_injection);
|
||||||
|
|
||||||
|
// Fix RakNet::RakString Security Bug
|
||||||
|
overwrite_calls((void *) RakNet_RakString, RakNet_RakString_injection);
|
||||||
|
|
||||||
// Init C++
|
// Init C++
|
||||||
_init_misc_cpp();
|
_init_misc_cpp();
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user