Oversize infostring Hack

airman · 2005-02-22 18:47:55 UTC

I’ve seen forum references to the “ERROR: Info_SetValueForKey: oversize infostring” message. The replies recommend reducing sets statements.

I have not seen any reference to ability to hack servers by exploiting the Quake3 engine bug. The bug is described as:

The Quake 3 engine has problems to handle big queries allowing an
attacker to shutdown any game server based on this engine.

Is SD working to rememdy this problem or is there some official patch that I’m not aware of? Some of our servers are currently experiencing such attacks.

See http://aluigi.altervista.org/adv/q3infoboom-adv.txt for more info.

Thanks.

Craven · 2005-02-22 19:16:37 UTC

You might check here…
Nevermind…

uber_noob · 2005-02-22 20:17:59 UTC

Do you really believe SD is going to do anything on ET in the future and release another patch? You must be dreaming.

ET would really need some engine fixes. But face it, ET doesn’t generate income, so it would be a waste of money to delegate worktime on it. And this is something a serious company isn’t going to do.

DG1 · 2005-02-22 21:35:35 UTC

neither would be releasing ET in the first place. if they’re going to release something as a PR exercise, they can fix it as a PR excercise too. A “serious” company knows the value of PR.

Serverside so there’s no disruption or whatever, and it seems the fix is rather simple. I dont rate the chances very highly, but wouldnt dismiss it offhand either.

SCDS_reyalP · 2005-02-23 05:04:34 UTC

updated ettv (which can be used as a dedicated server, without any of the tv features turned on) has been released:
http://bani.anime.net/banimod/forums/viewtopic.php?t=5506

Jaquboss · 2005-02-23 12:06:30 UTC

I think that you can just increase one number in sources , maybe you can try to search for that error message , i did it and it worked