Short description: Access restriction circumvention, remote crash
Related bug reports:
Patches: (sometimes more fuzz is needed to apply them)
- For version 0.7.0 up to including 1.0.0
- For version 0.6.0 up to including 0.6.3
- For version 0.5.1 up to including 0.5.3
- For version 0.3.5 up to including 0.5.0
It is possible to circumvent the server password of a network game. It is possible in two cases: 1.you know the company password of one of the companies 1.one of the companies has no password
In both cases you send the company password (or “” if there is none) when you receive the request for the server’s password.
This fix also prevents reading invalid data and possibly crashing a server when a spectator sends a company password packet. Even though this is technically a different vulnerability, the fix for the access restriction circumvention fixes the other vulnerability too as it will never request and thus accept company password packets from spectators.
Note that this is a custom fix for backports as a more elobarate fix with a different network protocol was used for 1.0.1 and trunk (r19607). However, we cannot break the network protocol for older versions thus this version is needed. This version does not change the network protocol, except for a misbehaving client that sends the company password if the server password is expected. In this case the client is disconnected citing a protocol error.