halflife
HLTV crashes when an empty clc_stringcmd message is received
A crash will occur if, in clc_stringcmd, the end of the string is specified immediately after the message id (03 00 bytes). It also works if you send a command that does not have Latin characters, that is, only Unicode is present.
How to reproduce:
- Connect to HLTV server;
- Execute `cmd тест` in the client console;
- HLTV server should crash.
Perhaps this bug only works on Windows versions of HLTV.
@shawns-valve
This vulnerability exists in the latest HLTV build - 10185. To fix this bug you should add a check for the absence of an incoming command in BaseClient::ProcessStringCmd and ProxyClient::ProcessStringCmd:
```cpp
if (!cmdLine.CountToken()) {
    m_System->DPrintf("WARNING! BaseClient::ProcessStringCmd: invalid command string.\n");
    return false;
}
```
The solution is taken from ReHLDS commit: https://github.com/dreamstalker/rehlds/pull/838/files
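The check proposed above, placed in a minimal handler so its effect on both reported inputs can be seen. This is an added example, not HLTV or ReHLDS code: the `TokenLine` class, the `CmdResult` enum and the command names `status` and `say` are hypothetical, and the tokenizer dropping non-ASCII bytes is an assumption made to model the Unicode-only case.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical stand-in for the engine's token line class; only CountToken()
// is named in the issue.
class TokenLine {
public:
    explicit TokenLine(const std::string& s) {
        std::string cur;
        for (unsigned char c : s) {
            // Assumption: bytes outside printable ASCII never form a token.
            bool keep = c > 0x20 && c < 0x7f;
            if (keep) { cur.push_back(static_cast<char>(c)); continue; }
            if (!cur.empty()) { tokens_.push_back(cur); cur.clear(); }
        }
        if (!cur.empty()) tokens_.push_back(cur);
    }
    int CountToken() const { return static_cast<int>(tokens_.size()); }
    const std::string& GetToken(int i) const { return tokens_.at(i); }
private:
    std::vector<std::string> tokens_;
};

enum class CmdResult { Handled, Unknown, Rejected };

constexpr std::uint8_t kClcStringCmd = 0x03;  // message id, from the 03 00 bytes

// Reads one clc_stringcmd message: id byte, then a NUL-terminated string.
CmdResult ProcessStringCmd(const std::uint8_t* buf, std::size_t len) {
    if (len < 2 || buf[0] != kClcStringCmd) return CmdResult::Rejected;
    std::size_t end = 1;
    while (end < len && buf[end] != 0) ++end;
    if (end == len) return CmdResult::Rejected;  // no terminator inside the buffer
    TokenLine cmdLine{std::string(reinterpret_cast<const char*>(buf + 1), end - 1)};
    if (!cmdLine.CountToken()) return CmdResult::Rejected;  // the proposed check
    const std::string& name = cmdLine.GetToken(0);  // safe: at least one token
    return (name == "status" || name == "say") ? CmdResult::Handled
                                               : CmdResult::Unknown;
}
```

Without the `CountToken()` guard, `GetToken(0)` would be reached with an empty token list for both the `03 00` message and the Cyrillic-only command.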