gmod-keypad icon indicating copy to clipboard operation
gmod-keypad copied to clipboard

Published 20 hours ago verified publisher icon willox

Crash exploit

Open Alex2259 opened this issue 6 years ago • 3 comments

Keypad cracker can be used to crash a server by sending net messages

Resulting in this being spammed & a crash

[ERROR] addons/cracker/lua/entities/keypad/init.lua:18: attempt to call method 'GetStatus' (a nil value)

  1. func - addons/cracker/lua/entities/keypad/init.lua:18
  2. unknown - lua/includes/extensions/net.lua:32

Alex2259 avatar Jan 06 '19 18:01 Alex2259

Please could you provide us with detailed steps on how to reproduce the errors and crash?

Jophes avatar Jan 06 '19 18:01 Jophes

I'm unsure how exactly it can be reproduced. All I know is it uses the keypad entity and/or the keypad cracker to spam net messages. SRCDS itself won't crash, at least not right away, but it disconnects all clients.

Alex2259 avatar Jan 06 '19 19:01 Alex2259

I couldn't reproduce the issue, I tried exploiting the keypad/cracker in various ways with modified clients but no luck since the keypad and cracker already have spam protection from a previous PR #19. I've created PR #21 to simply patch the error that you were seeing. Please update us if you see this issue happen again.

Jophes avatar Jan 06 '19 21:01 Jophes