Skip to content

Added buffer security checks in sentence.cpp #334

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
PistonMiner wants to merge 1 commit into from
Closed

Added buffer security checks in sentence.cpp #334

PistonMiner wants to merge 1 commit into from

Conversation

@PistonMiner
Copy link

@PistonMiner PistonMiner commented Sep 4, 2015

This fixes a buffer overflow using malicious sound files. This exploit is currently commonly being used during the current attacks on Source engine games and allows for arbitrary code execution.

Affected mods include but are not limited to:

  • Fistfull of frags
  • Team Fortress 2 Classic
  • Fortress Forever
  • No more room in hell
  • Vikings and Knights 2
  • Counterstrike: Source

IMPORTANT: This is by far not the only vulnerability available to these mods. Most vulnerabilities are contained in the Source SDK 2013 Base and are not available in code form. In live games such as TF2 and CS:GO, many of these have been patched. I recommend that these changes are ported immediately.

--PistonMiner

@Nephyrin
Copy link
Member

Nephyrin commented Sep 10, 2015

This and other known security issues have been resolved in the latest SDK update

@Nephyrin Nephyrin closed this Sep 10, 2015
@squeek502
Copy link

squeek502 commented Sep 10, 2015

@Nephyrin, will those security fixes be backported to earlier engine versions (2006 SDK in particular)?

@joeangry
Copy link

joeangry commented Sep 11, 2015

@squeek502 seems extremely unlikely.

GamerDude27 added a commit to Nbc66/source-sdk-2013-ce that referenced this pull request Sep 13, 2020
@GamerDude27
[MP] Fixed a buffer overflow caused by malicious sound files
f6b301b 
See ValveSoftware/source-sdk-2013#334
@SC1040-TS2
Copy link

SC1040-TS2 commented May 24, 2021
edited
Loading

This and other known security issues have been resolved in the latest SDK update

Necroposter here. This security vulnerability is also present in the SP branch, at relevant lines starting from https://github.com/ValveSoftware/source-sdk-2013/blob/master/sp/src/public/sentence.cpp#L457 onward based on the Files changed section here.

Was this ever also applied to the SP branch, Nephyrin, or only the MP branch?

FriskTheFallenHuman added a commit to FriskTheFallenHuman/mapbase-mp that referenced this pull request Nov 28, 2022
@FriskTheFallenHuman
fix(Security): Fixed a buffer overflow caused by malicious sound files
3e0be83 
See ValveSoftware#334
strubium added a commit to strubium/source-sdk-2013-smeagled that referenced this pull request Feb 27, 2024
@strubium
Add buffer security checks ValveSoftware#334
f06c0d5
Rainyan pushed a commit to NeotokyoRebuild/neo that referenced this pull request Jul 1, 2024
@GamerDude27 @nullsystem
[MP] Fixed a buffer overflow caused by malicious sound files
ed0a5d9 
See ValveSoftware/source-sdk-2013#334
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@PistonMiner @Nephyrin @squeek502 @joeangry @SC1040-TS2