cl_filterstuffcmd bypass problem #1497
You can bypass any slowhack protection by sending a specific message to the client. These messages can be sent by AMX Mod X plugins.
Here are some stocks for AMXX:
Or, another way: with CBuf_Execute, using \x0A instead of ';', we can forward cmds to CBuf_AddText.
The first approach abuses the director command message to stuff text from the local client's side. Special case code can be written in CL_Parse_Director:
Trivially easy to fix.
You can't filter only by one received
Alright, so incoming strings should first be preprocessed to skip newlines that occur at the start.
Should probably do a thorough check in the command buffer code to see if any other edge cases like this exist though.
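The newline trick above comes down to how the command buffer splits text versus how a filter splits it. The following is an added illustration, not code from this repository or from the engine: a Quake-style tokenizer that ends a command at ';' or '\n' outside double quotes, beside a naive filter that only splits on ';'. The blocklist, the function names and the sample stuffed strings are all hypothetical. It does not model the `wait` command mentioned later in the thread, which defers the rest of the buffer to a later frame.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MAX_CMD 256

/* Hypothetical blocklist: commands a server should never be allowed to
 * stuff into the local client's command buffer. Illustration only. */
static const char *const blocked_cmds[] = { "unbindall", "bind", "exec", "quit", NULL };

static int is_blocked(const char *name)
{
    for (const char *const *p = blocked_cmds; *p; ++p)
        if (strcmp(*p, name) == 0)
            return 1;
    return 0;
}

/* Copy the leading command token of s into out. Like COM_Parse, a token in
 * double quotes is taken verbatim (so "\"unbindall\"" names unbindall);
 * otherwise the token ends at whitespace (including '\n') or ';'. */
static void read_cmd_name(const char *s, char *out, size_t outlen)
{
    size_t n = 0;
    while (*s == ' ' || *s == '\t') s++;
    if (*s == '"') {
        s++;
        while (*s && *s != '"') { if (n + 1 < outlen) out[n++] = *s; s++; }
    } else {
        while (*s && !isspace((unsigned char)*s) && *s != ';') {
            if (n + 1 < outlen) out[n++] = *s;
            s++;
        }
    }
    out[n] = '\0';
}

/* Naive filter: splits the stuffed text on ';' only and checks the leading
 * command of each piece. A '\n' inside a piece is not a separator here, so
 * "echo hi\nunbindall" is seen as one harmless "echo" command and passes. */
int naive_filter_allows(const char *text)
{
    const char *p = text;
    char name[MAX_CMD];
    while (*p) {
        read_cmd_name(p, name, sizeof name);
        if (is_blocked(name)) return 0;
        const char *semi = strchr(p, ';');
        if (!semi) break;
        p = semi + 1;
    }
    return 1;
}

/* Strict filter: walks the text the way the command buffer executes it. A
 * command ends at ';' or '\n' when not inside double quotes, so every
 * command is examined, including ones hidden behind a newline or leading
 * separators. Returns 1 if nothing is blocked, 0 otherwise. */
int strict_filter_allows(const char *text)
{
    const char *p = text;
    char name[MAX_CMD];
    while (*p) {
        /* skip empty commands, separators and leading whitespace */
        while (*p == ';' || *p == '\n' || *p == '\r' || *p == ' ' || *p == '\t') p++;
        if (!*p) break;
        read_cmd_name(p, name, sizeof name);
        if (is_blocked(name)) return 0;
        /* advance to the end of this command, honouring quotes */
        int quotes = 0;
        while (*p) {
            if (*p == '"') quotes ^= 1;
            else if (!quotes && (*p == ';' || *p == '\n')) break;
            p++;
        }
    }
    return 1;
}

int main(void)
{
    /* constructed sample of text a server could stuff into the client */
    const char *stuffed = "echo hi\nunbindall";
    printf("naive : %s\n", naive_filter_allows(stuffed) ? "allowed" : "blocked");
    printf("strict: %s\n", strict_filter_allows(stuffed) ? "allowed" : "blocked");
    return 0;
}
```

The important design point is that the filter must tokenize with exactly the separators the executing buffer uses; any difference between the two (a newline, a quoted command name, empty leading commands) is a bypass.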
I see, that's not quite as simple to fix. You could "fake" execute it first to parse out the wait commands, but that's not easy to do in this codebase.
Basically like that. Then you can just filter out illegal commands by pruning them from the list.
It's costly compared to how it does things now; it might be cheaper to just stick in special commands in front and back that denote when the command came from the server (with special handling for the director message and other exploitable commands in official games), which would make the command processor filter them out.
Of course, a complete rewrite is probably saner than trying to work around it. I'd rewrite it to preparse the commands and store the origin of the message (again with special handling for directormessage) so that the parser will filter them out. That would increase memory usage, which means out of memory issues will show up more frequently due to how the engine manages memory. I suppose you could statically allocate command buffers and define a hardcoded number of commands each can have, not sure.
Maybe take Source's version?
EDIT: looks like Source just marks commands with flags to ensure they can only be executed if the necessary privileges are set:
Seeing as these cvars and commands are internal, they could probably be updated to work with flags. Both already have a flags variable, so adding this is possible, although mods that re-purposed free flags might have issues. Whatever Source uses to secure execution can probably be backported.