Application:  Halo: Combat Evolved
              http://www.bungie.net/Games/HaloPC/
Versions:     <= 1.4
Platforms:    Windows and MacOS
Bug:          off-by-one (Denial of Service)
Risk:         medium/high
Exploitation: remote, versus server
Date:         09 September 2004
Author:       Luigi Auriemma
              e-mail: firstname.lastname@example.org
              web:    http://aluigi.altervista.org
1) Introduction
2) Bug
3) The Code
4) Fix
===============
1) Introduction
===============

Halo is the widely known game originally developed by Bungie Studios and ported to the PC by Gearbox Software (http://www.gearboxsoftware.com). It was released in September 2003.
======
2) Bug
======

Halo uses the Gamespy SDK and, in particular, the handshake algorithm provided by that library (http://aluigi.altervista.org/papers/gssdkcr.h) to let players join servers.

The off-by-one bug is in the server's handling of the client's response, the last stage of this handshake: a response longer than 32 bytes crashes the server immediately.
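The following C code is an added illustration written for this page; it is not the Halo or Gamespy SDK code, which the advisory does not reproduce. It assumes a hypothetical server-side handler for the last handshake stage that copies the client's response into a fixed 32-byte buffer (the limit named above), shows the kind of off-by-one loop bound that lets a response longer than 32 bytes write one byte past that buffer, and places the corrected handler beside it. Writing past the buffer is undefined behaviour, so the copy goes through an instrumented store that reports the out-of-bounds write instead of performing it; the function names, the result codes and the exact comparison are all assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define RESP_MAX 32   /* server-side storage for the client's response (per advisory) */

enum result { RESP_OK = 0, RESP_REJECTED = 1, RESP_OVERFLOW = 2 };

/*
 * Instrumented store: report an out-of-bounds index instead of writing
 * past the buffer, so both handlers can be exercised safely in a test.
 * Returns 1 on a valid write, 0 if the write would have overflowed.
 */
static int store_byte(char *buf, size_t cap, size_t idx, char val)
{
    if (idx >= cap)
        return 0;
    buf[idx] = val;
    return 1;
}

/*
 * Hypothetical flawed handler: the loop bound uses "<= RESP_MAX" where
 * "< RESP_MAX" was meant, so index 32 of a 32-byte array is written as
 * soon as the response is longer than 32 bytes. Responses of up to 32
 * bytes are handled correctly, which is why only longer ones crash.
 */
static enum result handle_response_vuln(const unsigned char *pkt, size_t len)
{
    char resp[RESP_MAX];
    size_t i;

    for (i = 0; i < len && i <= RESP_MAX; i++)      /* off by one */
        if (!store_byte(resp, sizeof resp, i, (char)pkt[i]))
            return RESP_OVERFLOW;                   /* would have crashed here */
    return RESP_OK;
}

/*
 * Corrected handler: an over-long response is a protocol violation, so
 * reject it (and drop the join attempt) rather than truncate it, and
 * keep the loop bound strictly below the buffer size.
 */
static enum result handle_response_fixed(const unsigned char *pkt, size_t len)
{
    char resp[RESP_MAX];
    size_t i;

    if (len > sizeof resp)
        return RESP_REJECTED;
    for (i = 0; i < len && i < sizeof resp; i++)
        if (!store_byte(resp, sizeof resp, i, (char)pkt[i]))
            return RESP_OVERFLOW;                   /* unreachable with the check above */
    return RESP_OK;
}

static const char *name(enum result r)
{
    return r == RESP_OK ? "ok" : r == RESP_REJECTED ? "rejected" : "OVERFLOW";
}

int main(void)
{
    unsigned char pkt[64];
    size_t lens[] = { 31, 32, 33, 64 };   /* constructed response lengths */
    size_t n;

    memset(pkt, 'A', sizeof pkt);          /* constructed response payload */
    for (n = 0; n < sizeof lens / sizeof lens[0]; n++)
        printf("len=%2zu  vulnerable=%-8s fixed=%s\n", lens[n],
               name(handle_response_vuln(pkt, lens[n])),
               name(handle_response_fixed(pkt, lens[n])));
    return 0;
}
```

The table printed by main shows the boundary the advisory describes: 31 and 32 bytes are accepted by both handlers, while 33 bytes (and anything longer) drives the flawed handler into the out-of-bounds write and is rejected by the fixed one.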
===========
3) The Code
===========
======
4) Fix
======
Patch 1.05 for both Win32 and MacOS.
Luigi Auriemma http://aluigi.altervista.org