[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Endless loop in Soldner 33724


                             Luigi Auriemma

Application:  SÖLDNER - Secret Wars
Versions:     <= 33724
Platforms:    Windows
Bug:          endless loop
Exploitation: remote, versus server
Date:         01 Jul 2008
Author:       Luigi Auriemma
              e-mail: aluigi@xxxxxxxxxxxxx
              web:    aluigi.org


1) Introduction
2) Bug
3) The Code
4) Fix


1) Introduction

SÖLDNER is a tactical military game developed by Wings Simulations
and released in May 2004.


2) Bug

Each UDP packet for this game can contain various blocks of data.
The type 0x80 forces the server to perform a cycle from zero to the 32
bit number (so max 0xffffffff) specified in that data block.
The maximum size of a packet supported by the game is 1400 bytes in
which is possible to place max 233 blocks of this type causing the
freeze of a server for over 2 hours (tested with a fast CPU).


3) The Code



4) Fix

No fix


Luigi Auriemma