SA-MP Forums

Old 02/01/2014, 10:57 PM   #1
Kalcor
SA-MP Developer
 
Join Date: Apr 2005
Posts: 1,016
Reputation: 2802
0.3x-R2 client security update (pre-release 2)

An SA-MP client update (0.3x-R2) will soon be available to address some security issues. It is being released in this section temporarily for testing.

Please don't use this thread to say 'thanks' etc. This thread is for feedback about the new client to make sure nothing is broken before it is released.

SA-MP 0.3x-R2 client update

An exploitable vector exists in the client portion of SA-MP's TextDraw system. A malicious server owner might be able to execute arbitrary code on the SA-MP client by sending a specially crafted string.

This is normally only a problem if you join untrustworthy servers. So far we haven't seen any servers using the exploit against their players. It's still highly recommended that everyone update to this new client once it is released.

Fixes:

- Fixes buffer overflow in client portion of the TextDraw system.
- Fixes the game's improper handling of '~' format codes in TextDraws.
- Fixes for mouse control being lost when going between SA-MP and the GTA:SA (Esc) menu.
- Fixes the server browser's improper handling of malformed data from the server.

This pre-release client is being made available to test the fixes to the mouse control. On many systems, the mouse control will be lost when you enter the GTA:SA menu, and mouse control over the game will also be lost when you return from the menu. Many people have solved this problem using the 'mousefix.asi' addon, although this should no longer be needed.

Please report if you experience any problems with the new update.

Updates:

0.3x-R2 Client Pre-release 2:

- Fixes 'Range Check' error in server browser.
- Various TextDraw format code fixes.

Download:
0.3x-R2 Client (Pre-release 2)
0.3x-R2 Client (Pre-release 1)

Last edited by Kalcor; 03/01/2014 at 11:28 PM.
Old 02/01/2014, 11:49 PM   #2
DrTHE
High-roller
 
Join Date: Feb 2011
Location: Belo Horizonte, Brazil
Posts: 1,152
Reputation: 150
Default Re: 0.3x-R2 client security update (pre-release)

After the update, one TextDraw that was green now appears white (there was no change in the script)

Before


After


source: http://forum.sa-mp.com/showthread.ph...55#post2846955

Last edited by DrTHE; 03/01/2014 at 02:35 PM. Reason: source code
Old 03/01/2014, 12:05 AM   #3
Meta
Gangsta
 
Join Date: Feb 2010
Posts: 624
Reputation: 47
Default Re: 0.3x-R2 client security update (pre-release)

Wow, finally that mouse problem is gone
Nice work, security updates are always good to have.

EDIT:
Now I experience a

when I try to join any server from the server browser.
Old 03/01/2014, 12:38 AM   #4
FUNExtreme
Gangsta
 
Join Date: Mar 2008
Posts: 792
Reputation: 128
Default Re: 0.3x-R2 client security update (pre-release)

While testing this release I've come up to an error stating "Error: can't use k-codes in long string".
The error pops up with the FIRST string in the code below, the rest of the strings are included because even though some are longer, they do not give the error.

Note: The command in which this textdraw string is used has been in a public server for 2 weeks now (and a lot longer in testing), but not once has a player reported crashes caused by this.

Code:
{"Abandoned Airport~n~Bridge Jump~n~BMX Parkour~n~Dead Jump~n~Base Jump~n~Kermis Jump~n~Loop Ride~n~Roller Coaster~n~Roof Stunt~n~Clown Pocket Jump~n~Trampoline~n~Underground Jump~n~Underground Airport~n~Way To Death~n~Hop Da Hop~n~NRG Parkour 1~n~NRG Parkour 2~n~Small Jump~n~Drift 1~n~Drift 2"},
{"Drift 3~n~Drift 4~n~Drift 5~n~Drift 6~n~Drift 7~n~Drift 8~n~Drift 9~n~Drift 10~n~Arch Angels Tuning Shop~n~LocoLow Savanna Tuning Shop~n~Las Venturas Airport~n~Los Santos Airport~n~San Fierro Airport~n~Mount Chilliad~n~San Fierro~n~Los Santos~n~Las Venturas~n~Grove Street~n~Sky Road 1~n~Cool Jump"},
{"Water Jump 1~n~Water Jump 2~n~Huge Jump~n~SkatePark~n~Big Jump~n~Building Jump~n~Sky Road 2~n~The House~n~The Ship~n~Four Dragons Casino~n~Warehouse Deathmatch~n~Island Deathmatch~n~Police Deathmatch~n~Dam Deathmatch~n~Liberty Deathmatch~n~Base Deathmatch~n~Arena Deathmatch~n~Zombotech Deathmatch~n~Factory Deathmatch~n~Rooftop Deathmatch"},
{"Massive Jump~n~The First RSW Race~n~Las Venturas Race~n~San Fierro Madness~n~Hospital Race~n~Race Five~n~Beach Race~n~Casino Race~n~Area 51 Race~n~Escape Los Santos~n~Escape San Fierro~n~Chilliad Race~n~Offroad Race~n~San Fierro Drift~n~Channel Race~n~Maddog Race~n~vRock Hotel Race~n~Railroad Race~n~Damn Race~n~Las Venturas Highway"},
{"Las Venturas Drag~n~Kingring Race~n~Desert Race~n~San Fierro Drag~n~Los Santos Drag~n~County Drag~n~Jump Race~n~Catalina Race~n~Ranger Race~n~Beach Line Race~n~Los Santos Yards~n~NRG Race"}
Old 03/01/2014, 12:39 AM   #5
d0
Beta Tester
 
Join Date: Oct 2007
Location: Germany
Posts: 435
Reputation: 135
Default AW: Re: 0.3x-R2 client security update (pre-release)

Quote:
Originally Posted by DrTHE View Post
After the update, one TextDraw that was green now appears white (there was no change in the script)

Before


After
Could you provide code to reproduce this issue ?

Quote:
Originally Posted by FUNExtreme View Post
While testing this release I've come up to an error stating "Error: can't use k-codes in long string".
The error pops up with the FIRST string in the code below, the rest of the strings are included because even though some are longer, they do not give the error.

Note: The command in which this textdraw string is used has been in a public server for 2 weeks now (and a lot longer in testing), but not once has a player reported crashes caused by this.

Code:
{"Abandoned Airport~n~Bridge Jump~n~BMX Parkour~n~Dead Jump~n~Base Jump~n~Kermis Jump~n~Loop Ride~n~Roller Coaster~n~Roof Stunt~n~Clown Pocket Jump~n~Trampoline~n~Underground Jump~n~Underground Airport~n~Way To Death~n~Hop Da Hop~n~NRG Parkour 1~n~NRG Parkour 2~n~Small Jump~n~Drift 1~n~Drift 2"},
{"Drift 3~n~Drift 4~n~Drift 5~n~Drift 6~n~Drift 7~n~Drift 8~n~Drift 9~n~Drift 10~n~Arch Angels Tuning Shop~n~LocoLow Savanna Tuning Shop~n~Las Venturas Airport~n~Los Santos Airport~n~San Fierro Airport~n~Mount Chilliad~n~San Fierro~n~Los Santos~n~Las Venturas~n~Grove Street~n~Sky Road 1~n~Cool Jump"},
{"Water Jump 1~n~Water Jump 2~n~Huge Jump~n~SkatePark~n~Big Jump~n~Building Jump~n~Sky Road 2~n~The House~n~The Ship~n~Four Dragons Casino~n~Warehouse Deathmatch~n~Island Deathmatch~n~Police Deathmatch~n~Dam Deathmatch~n~Liberty Deathmatch~n~Base Deathmatch~n~Arena Deathmatch~n~Zombotech Deathmatch~n~Factory Deathmatch~n~Rooftop Deathmatch"},
{"Massive Jump~n~The First RSW Race~n~Las Venturas Race~n~San Fierro Madness~n~Hospital Race~n~Race Five~n~Beach Race~n~Casino Race~n~Area 51 Race~n~Escape Los Santos~n~Escape San Fierro~n~Chilliad Race~n~Offroad Race~n~San Fierro Drift~n~Channel Race~n~Maddog Race~n~vRock Hotel Race~n~Railroad Race~n~Damn Race~n~Las Venturas Highway"},
{"Las Venturas Drag~n~Kingring Race~n~Desert Race~n~San Fierro Drag~n~Los Santos Drag~n~County Drag~n~Jump Race~n~Catalina Race~n~Ranger Race~n~Beach Line Race~n~Los Santos Yards~n~NRG Race"}
Same issue here. Must be an issue with the detection of k-codes as the strings you provided don't contain any of these.
__________________
<3
Old 03/01/2014, 01:00 AM   #6
Redirect Left
High-roller
 
Join Date: Mar 2007
Location: Yorkshire, England
Posts: 1,025
Reputation: 362
Default Re: 0.3x-R2 client security update (pre-release)

This update breaks some of the colors on my server, although I have no idea why. Would you like to tell me proper usage of colors, so I can figure out why it doesn't work and where I am going wrong?
Old 03/01/2014, 01:11 AM   #7
d0
Beta Tester
 
Join Date: Oct 2007
Location: Germany
Posts: 435
Reputation: 135
Default AW: Re: 0.3x-R2 client security update (pre-release)

Quote:
Originally Posted by Redirect Left View Post
This update breaks some of the colors on my server, although I have no idea why. Would you like to tell me proper usage of colors, so I can figure out why it doesn't work and where I am going wrong?
Could you provide an example ? (with pictures ?)
__________________
<3
Old 03/01/2014, 01:13 AM   #8
PT
Godfather
 
Join Date: Nov 2012
Location: Portugal
Posts: 7,177
Reputation: 780
Default Re: 0.3x-R2 client security update (pre-release)

here, the textdraw colors change green to white.. ( only in some, on clock )

it's a bug from this update?
Old 03/01/2014, 01:14 AM   #9
Redirect Left
High-roller
 
Join Date: Mar 2007
Location: Yorkshire, England
Posts: 1,025
Reputation: 362
Default Re: AW: Re: 0.3x-R2 client security update (pre-release)

Quote:
Originally Posted by d0 View Post
Could you provide an example ? (with pictures ?)
Yes.

Here is an image
Note the missing colors on the numbers 7 & 8, and the white produced is also brighter than normal. These colors worked fine in previous version. Code is below.

Code:
format(string1,sizeof(string1),"~b~~n~7)~w~ Custom Plate: ~y~%s ~b~~n~8)~w~ Achievement Notifications: ~y~%s~n~~b~9)~w~ Auto Reject Duels: ~y~%s~n~~b~10)~w~ Vehicle Object: ~y~%s",ShowPlate(playerid),IntegerToYesNo(aInfo[playerid][ShowAch]),IntegerToYesNo(aInfo[playerid][RejectDuels]),GetVObjectName(aInfo[playerid][vObject]));
Also worth noting, the numbers 1 to 6 are on a different text draw entirely, so not included here.


Can you verify for me please, is this my error, or an issue with new SA:MP?

edit: talking to FUNExtreme on IRC, he noted this, may be worth looking into by devs?
Quote:
Originally Posted by IRC
[02:27] <FUNExtreme> I just saw your code
[02:27] <FUNExtreme> And I've expected something since I saw the first report
[02:28] <FUNExtreme> is it possible, that the problem only occurs when the color comes before the newline?
[02:28] <FUNExtreme> It happens with 7 and 8, which have ~b~~n~
[02:28] <FUNExtreme> 9 is fine, and has ~n~~b~
- he replied himself below too
Old 03/01/2014, 01:20 AM   #10
FUNExtreme
Gangsta
 
Join Date: Mar 2008
Posts: 792
Reputation: 128
Default Re: AW: Re: 0.3x-R2 client security update (pre-release)

Quote:
Originally Posted by Redirect Left View Post
Yes.

Here is an image
Note the missing colors on the numbers 7 & 8. These colors worked fine in previous version. Code is below.

Code:
format(string1,sizeof(string1),"~b~~n~7)~w~ Custom Plate: ~y~%s ~b~~n~8)~w~ Achievement Notifications: ~y~%s~n~~b~9)~w~ Auto Reject Duels: ~y~%s~n~~b~10)~w~ Vehicle Object: ~y~%s",ShowPlate(playerid),IntegerToYesNo(aInfo[playerid][ShowAch]),IntegerToYesNo(aInfo[playerid][RejectDuels]),GetVObjectName(aInfo[playerid][vObject]));
Also worth noting, the numbers 1 to 6 are on a different text draw entirely, so not included here.


Can you verify for me please, is this my error, or an issue with new SA:MP?
If I may add a little observation, since the first report of this I have assumed that ~n~ somehow resets the color. As you can see in the string above, the affected lines (7 and 8) have the color code before the newline while the others (9 and 10) have the newline first and then the color.
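An added sketch, not SA-MP's code and not something posted by anyone in this thread: a C routine that treats a TextDraw string as untrusted input, checks that every '~' code is closed inside the buffer before a bounded copy, and counts places where a one-letter code sits directly before ~n~, the ordering posts #9 and #10 connect with the lost colors. The names td_check and td_store, the 1024-byte limit and the rejection of an empty ~~ pair are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define TD_MAX_LEN 1024   /* assumed limit for this sketch, not SA-MP's real one */
enum { TD_OK = 0, TD_TOO_LONG = -1, TD_UNPAIRED_TILDE = -2, TD_EMPTY_CODE = -3 };

/* Validate `len` bytes of untrusted TextDraw text. Every '~' must open a
 * non-empty code closed by another '~' inside the buffer. *code_before_nl
 * counts one-letter codes other than 'n' that are directly followed by ~n~. */
int td_check(const char *buf, size_t len, int *code_before_nl)
{
    char prev = 0;   /* previous one-letter code, 0 once plain text intervenes */
    size_t i = 0;
    *code_before_nl = 0;
    if (len > TD_MAX_LEN) return TD_TOO_LONG;
    while (i < len) {
        if (buf[i] != '~') { prev = 0; i++; continue; }
        size_t j = i + 1;                        /* scan for the closing tilde */
        while (j < len && buf[j] != '~') j++;
        if (j == len) return TD_UNPAIRED_TILDE;  /* never read past the input */
        if (j == i + 1) return TD_EMPTY_CODE;
        char code = (j == i + 2) ? buf[i + 1] : 0;   /* longer tokens: ignored */
        if (code == 'n' && prev != 0 && prev != 'n') (*code_before_nl)++;
        prev = code;
        i = j + 1;
    }
    return TD_OK;
}

/* Check first, then copy with the destination size enforced and a terminator
 * always written; nothing is copied when validation fails. */
int td_store(char *dst, size_t dst_cap, const char *buf, size_t len, int *warn)
{
    int rc = td_check(buf, len, warn);
    if (rc != TD_OK) return rc;
    if (dst_cap == 0 || len > dst_cap - 1) return TD_TOO_LONG;
    memcpy(dst, buf, len);
    dst[len] = '\0';
    return TD_OK;
}

int main(void)
{
    /* Constructed sample: the two orderings from the thread, shortened. */
    const char *s = "~b~~n~7)~w~ Plate~n~~b~9)~w~ Duels";
    char out[64]; int warn;
    int rc = td_store(out, sizeof out, s, strlen(s), &warn);
    printf("rc=%d code-before-newline=%d\n", rc, warn);
    return rc == TD_OK ? 0 : 1;
}
```
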
All times are GMT.