====================================================================================
#
# this file has been created for the Lame patcher program available for both *nix
# and Windows platforms.
# You need this program for continuing the patching of your files:
#
#   http://aluigi.org/mytoolz.htm#lpatch
#
# Quick step-by-step for Windows:
# - launch lpatch.exe
# - select this cod2vawo.lpatch file
# - read the message windows and click yes
# - select the file (usually executables or dlls) to patch
# - read the message windows to know if everything has been patched correctly
# - test your game
#
# Quick step-by-step for Linux:
# - compile lpatch: gcc -c md5.c ; gcc -o lpatch lpatch.c md5.o
# - launch ./lpatch cod2vawo.lpatch
# - read the text messages
# - specify the name of the file to patch
# - read the text messages to know if everything has been patched correctly
# - test your game

TITLE
    Call of Duty 2 (1.3) work-around for the va() bug 0.1
    by Luigi Auriemma
    e-mail: aluigi@autistici.org
    web:    aluigi.org

INTRO
    This unofficial patch for Call of Duty 2 is a work-around for the following
    problem:
    .
    - Attempted to overrun string in call to va()
    ................................................................................
    . this problem happens when the game tries to build a string longer than 1024
    . chars using va(), the function which calls snprintf and returns a pointer to
    . its static buffer.
    . Seems that this problem is caused by too many map names which overflow the
    . info string containing the names and crc of the game maps, but it could be
    . also exploited by some attackers (no proof-of-concept known at the moment).
    . The reason of the limiting of the buffer size from the old 32000 bytes to only
    . 1024 is a mystery which nobody knows...
    . The solution I have adopted for stopping this bug is just the skipping of the
    . Com_Error call which shuts down the server and the setting of len to zero.
    . This is the best choice versus attacks that exploit this bug but I don't know
    . if this solution is good for the maps problem too, admins refer to this
    . problem as map rotation or sum mismatch bug too:
    . http://www.iwnation.com/Forums/index.php?showtopic=24161
    .
    The patch is available only for the latest releases of both Windows and Linux
    of the game Call of Duty 2 (1.3), older versions will NOT be supported by me so
    don't ask

FILE
    CoD2MP_s.exe;cod2_lnxded

ONLY_ONE

; WINDOWS

; Attempted to overrun string in call to va()

BYTES_ORIGINAL
    C6 ?? FF 03 00 00 00    ; mov byte[esi+000003FF], 00
    7C 07                   ; jl 0044A9EB
    3D 00 04 00 00          ; cmp eax, 00000400
    7C 0F                   ; jl 0044A9FA
    68 ?? ?? ?? ??          ; push 005AAE70
    6A 01                   ; push 001
    E8 ?? ?? FE FF          ; call 004324C0
    83 C4 08                ; add esp, 008

BYTES_PATCH
    ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
    33 C0                   ; xor eax, eax
    90 90 90 90 90 90 90 90 90 90 90 90 90

; LINUX

; Attempted to overrun string in call to va()
; 80b8054

BYTES_ORIGINAL
    c7 44 24 04 80 f8 14 08 ; mov DWORD PTR [esp+4],0x814f880
    c7 04 24 01 00 00 00    ; mov DWORD PTR [esp],0x1
    e8 cb 90 fa ff          ; call 8061124

BYTES_PATCH
    c7 45 f4 00 00 00 00    ; mov DWORD PTR [ebp-12],0x0
    31 c0                   ; xor eax,eax
    90 90 90 90 90 90 90 90 90 90 90

====================================================================================
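
Added example (not part of the original patch file and not lpatch's own code): a Python check of which bytes the WINDOWS patterns above would change, useful for reviewing a binary patch before running it on a server executable. It assumes that `??` in BYTES_ORIGINAL matches any byte, that `??` in BYTES_PATCH leaves the existing byte untouched, and that ONLY_ONE means the pattern must match exactly once; the sample buffer and the values in its `??` slots are constructed.

```python
# Added example; the pattern semantics are assumptions, not taken from lpatch.
# Patterns copied from the WINDOWS section of the patch file.
WIN_ORIGINAL = """C6 ?? FF 03 00 00 00  7C 07  3D 00 04 00 00  7C 0F
                  68 ?? ?? ?? ??  6A 01  E8 ?? ?? FE FF  83 C4 08"""
WIN_PATCH = """?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
               33 C0  90 90 90 90 90 90 90 90 90 90 90 90 90"""
HEX = "0123456789abcdefABCDEF"

def parse_pattern(text):
    """'C6 ?? FF' -> [0xC6, None, 0xFF]; None marks a ?? position."""
    out = []
    for tok in text.split():
        if tok == "??":
            out.append(None)
        elif len(tok) == 2 and all(c in HEX for c in tok):
            out.append(int(tok, 16))
        else:
            raise ValueError(f"bad token {tok!r}")
    return out

def find_matches(data, pattern):
    """Offsets where pattern matches data; None matches any byte."""
    n = len(pattern)
    return [i for i in range(len(data) - n + 1)
            if all(p is None or data[i + j] == p for j, p in enumerate(pattern))]

def apply_patch(data, original, patch):
    """Patch the single match of `original`; ?? in `patch` keeps the old byte."""
    orig, new = parse_pattern(original), parse_pattern(patch)
    if len(orig) != len(new):
        raise ValueError("original and patch differ in length")
    hits = find_matches(data, orig)
    if len(hits) != 1:  # assumed ONLY_ONE rule: refuse zero or several matches
        raise ValueError(f"expected exactly one match, found {len(hits)}")
    out = bytearray(data)
    for j, b in enumerate(new):
        if b is not None:
            out[hits[0] + j] = b
    return hits[0], bytes(out)

# Constructed sample: padding, the original sequence with made-up bytes in the
# ?? slots, then four trailing bytes that must survive the patch unchanged.
SAMPLE = bytes(16) + bytes.fromhex(
    "C686FF03000000" "7C07" "3D00040000" "7C0F"
    "6870AE5A00" "6A01" "E81122FEFF" "83C408") + b"\xC3" * 4

if __name__ == "__main__":
    off, patched = apply_patch(SAMPLE, WIN_ORIGINAL, WIN_PATCH)
    print(f"match at {off:#x}:", patched[off:off + 31].hex(" "))
```

Running the same check against an already patched buffer raises an error, because the original sequence no longer matches.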