The query protocol is byte based. The only time a zero byte matters is when
a string is sent in the packet (i.e. the command string for which query to
run). All of our string handling routines for packets forcefully zero
terminate strings at the size of their buffer. There was an exploit when a
user sent a malformed info string on connecting, but not zero terminating a
string won't matter (the command will just fail because it will be
malformed).


Terry wrote:
> I had the same thought.  I suppose it's possible this person may have
> an older version that has this behavior.  I saw other packet traces
> from this same program that were all terminated properly.
> 
> I guess I was hoping to hear from someone at Valve about what the
> expected behavior would be.
> 
> 
> ----- Original Message -----
> From: "Jeroen "ShadowLord" Bogers" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, August 11, 2003 9:19 AM
> Subject: Re: [hlds_apps] HLDS Server Query Protocol
> 
> 
>> What I mean is, maybe your server is being crashed by the exploit.
>> If the HL server suffers from a bug that it can crash from queries by a
>> very common monitoring program, wouldn't a LOT more HL server ops have
>> this problem? Just a thought...
>> 
>> Jeroen "ShadowLord" Bogers
>> 
>> ----- Original Message -----
>> From: "Terry" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Sent: Monday, August 11, 2003 05:49
>> Subject: RE: [hlds_apps] HLDS Server Query Protocol
>> 
>> 
>>> I know I *should* upgrade to the new version (and I will be very soon),
>>> but that doesn't answer the question of whether this *is* the problem I'm
>>> having right now.
>>> 
>>> I'm not running the client, I'm running HLDS as a dedicated server.
>>> 
>>> When I do upgrade, I'll extend this question to the 4.1.1.1d version.
>>> How will that server handle request packets that are not terminated with
>>> a zero byte?
>>> 
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED]
>>> [mailto:[EMAIL PROTECTED] Behalf Of Jeroen
>>> "ShadowLord" Bogers Sent: Sunday, August 10, 2003 10:38 PM
>>> To: [EMAIL PROTECTED]
>>> Subject: Re: [hlds_apps] HLDS Server Query Protocol
>>> 
>>> 
>>> You should be running 4.1.1.1d, since any previous version of the HL
>>> server has a security hole that enables other people to freeze your HL,
>>> crash your HL, crash your machine or even take control of your machine!
>>> 
>>> Also, running 1.x.x.x as server (which means you are using the
>>> client as server) is a bad idea, since it almost always lags behind
>>> in server versions. Install the full dedicated Windows server
>>> instead. 
>>> 
>>> Jeroen "ShadowLord" Bogers
>>> 
>>> ----- Original Message -----
>>> From: "Terry" <[EMAIL PROTECTED]>
>>> To: <[EMAIL PROTECTED]>
>>> Sent: Monday, August 11, 2003 00:12
>>> Subject: [hlds_apps] HLDS Server Query Protocol
>>> 
>>> 
>>>> The "server protocl.txt" file that ships with the HL SDK says:
>>>> 
>>>> "Messages are sent to the server by sending 4 consecutive bytes of
>>>> 255 (32-bit integer -1) and then the string command followed by a zero
>>>> byte to terminate it"
>>>> 
>>>> How does HLDS (Windows) handle packets that are sent to it that are
>>>> NOT terminated with a zero byte? The reason I ask is my server was
>>>> crashing every few minutes. I thought I might be under some kind of
>>>> attack, so I ran a packet sniffer and noticed a number of packets that
>>>> were being sent by a popular game server monitoring program that were
>>>> not terminated with a zero byte. It looked as if it had a fixed size
>>>> send buffer which is getting stuffed with "ping", "info" etc., and it
>>>> was sending the entire buffer with trailing garbage and all.
>>>> 
>>>> Here's a few examples (showing only the relevant data section of
>>>> the packet):
>>>> 
>>>> 0x0020   E0 68 1B DA 69 87 00 13-60 42 FF FF FF FF 70 6C   ah.Ui?..`Byyyypl
>>>> 0x0030   61 79 65 72 73 08 3B 96-62 23 EC 78               ayers.;-b#ix
>>>> 
>>>> 0x0020   E0 68 1B DA 69 87 00 12-C0 40 FF FF FF FF 73 74   [EMAIL PROTECTED]
>>>> 0x0030   61 74 75 73 1D 62 65 61-63 6F 6E 40               atus.beacon@
>>>> 
>>>> 0x0020   E0 68 1B DA 69 87 00 15-D2 E6 FF FF FF FF 67 65   ah.Ui?..Oayyyyge
>>>> 0x0030   74 73 74 61 74 75 73 10-2E 1D 32 E4               tstatus...2a
>>>> 
>>>> 0x0020   E0 68 1B DA 69 87 00 12-3F CF 5C 65 63 68 6F 5C   ah.Ui?..?I\echo\
>>>> 0x0030   48 4C 53 57 56 F3 2C CB-91 F9 08 D2               HLSWVo,E'u.O
>>>> 
>>>> Could these packets be crashing my Windows 1.1.1.0 server?
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> hlds_apps mailing list
>>>> [EMAIL PROTECTED]
>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_apps
>>>> 
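A bounded query parser of the kind the reply at the top describes, written here as an added example (it is not Valve's code or anything from the HLDS source). The 32-byte command buffer is an assumption, and the sample payloads are constructed from the thread's hex dumps: the UDP length fields there (0x13, 0x12, 0x15) give 11, 10 and 13 data bytes, so the datagrams end right after the command text with no zero byte.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define CMD_MAX 32  /* assumed command buffer size for this example */

/* Copy the query command out of a UDP payload of 'len' bytes into a fixed
 * buffer, zero-terminating at the buffer size as the reply above describes.
 * Returns the number of command bytes kept, or -1 if the 4-byte 0xFF prefix
 * is missing (the "\echo\HLSW" probe in the thread is not an HL query). */
int hlds_parse_query(const uint8_t *buf, size_t len, char cmd[CMD_MAX]) {
    size_t i, n;
    if (len < 4 || memcmp(buf, "\xff\xff\xff\xff", 4) != 0) {
        cmd[0] = '\0';
        return -1;
    }
    n = len - 4;                        /* bytes available after the prefix */
    if (n > (size_t)(CMD_MAX - 1))      /* never copy past the buffer */
        n = CMD_MAX - 1;
    for (i = 0; i < n && buf[4 + i] != '\0'; i++)
        cmd[i] = (char)buf[4 + i];
    cmd[i] = '\0';                      /* the terminator the sender may have omitted */
    return (int)i;
}

/* Constructed payloads matching the dumps in the thread (explicit lengths
 * are passed so the literal's own trailing NUL is never part of the data). */
static const uint8_t pkt_players[]   = "\xff\xff\xff\xffplayers";    /* 11 bytes */
static const uint8_t pkt_getstatus[] = "\xff\xff\xff\xffgetstatus";  /* 13 bytes */
static const uint8_t pkt_hlsw[]      = "\\echo\\HLSW";               /* 10 bytes */

int main(void) {
    char cmd[CMD_MAX];
    uint8_t big[4 + 200];
    int n;
    n = hlds_parse_query(pkt_players, 11, cmd);
    printf("%d %s\n", n, cmd);          /* 7 players */
    n = hlds_parse_query(pkt_getstatus, 13, cmd);
    printf("%d %s\n", n, cmd);          /* 9 getstatus */
    n = hlds_parse_query(pkt_hlsw, 10, cmd);
    printf("%d (rejected)\n", n);       /* -1 */
    memset(big, 'A', sizeof big);       /* oversized command: truncated, not overflowed */
    memcpy(big, "\xff\xff\xff\xff", 4);
    n = hlds_parse_query(big, sizeof big, cmd);
    printf("%d %zu\n", n, strlen(cmd)); /* 31 31 */
    return 0;
}
```

Whatever the sender put (or failed to put) after the command, the buffer is always terminated, so a missing zero byte only changes which bytes count as the command, not where the copy stops.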