tremoria | 15 Nov 21:38 2005
Picon

Re: Knives Chat problem (Solution)

> Hi, i installed the latest version of sunuo (0.1.9) and im using the latest
version of mono (1.1.9.1_1)
> i'm getting this error when i try to compile my shard:
>  - Error: /home/brodock/sunuo/Scripts/Custom/Engines/Knives
> Chat/Gumps/OptionsGump.cs: CS1533: (line 950, column 16) Invoke cannot
> be called directly on a delegate

Its possible to use Knives Chat with  current Mono, but you have to change the
way of the invoke:

You have to change 5 files:
utitlities/gumps/optionsgump
utitlities/gumps/buttonplus
utitlities/gumps/choicegump
utitlities/gumps/overridegump
utitlities/gumps/responsegump

e.g. you have to make following change in the Optionsgump.cs:

public override void OnResponse( int hue )
{
	// c_Callback.Invoke( hue );  // does not work with mono
	c_Callback(hue);
}

Greetings,
Jonathan
www.tremoria-freeshard.de
Aiden Rigby | 26 Nov 00:12 2005
Picon

About SunUO...

Hey, i've actually been checking it out. Have yet to install it though...

But from what i've checked out, it looks pretty cool. I got a little idea 
though. Some of your downloads seemed to take a little time to connect, so I 
was wondering if you wanted me to mirror for you? I'm running a web-server 
off of my computer, using Apache and is PHP-compadable...

Well, that's just about it... You may be strapped for time, so I don't wanna 
write an essay for you to read :P

Thanks for the great program!

PS. Phantom should keep his mouth shut... (was checking the quotes... about 
half of them are his. lol)

_________________________________________________________________
Take charge with a pop-up guard built on patented Microsoft® SmartScreen 
Technology 

http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines 
  Start enjoying all the benefits of MSN® Premium right now and get the 
first two months FREE*.
Max Kellermann | 26 Nov 11:43 2005

Re: About SunUO...

On 2005/11/26 00:12, Aiden Rigby <rigby_a <at> hotmail.com> wrote:
> But from what i've checked out, it looks pretty cool. I got a little
> idea though. Some of your downloads seemed to take a little time to
> connect, so I was wondering if you wanted me to mirror for you? I'm
> running a web-server off of my computer, using Apache and is
> PHP-compadable...

The downloads are hosted by BerliOS.  I got around 40 kiB/s.  That is
not fast, but should be enough, considering that most of the downloads
are smaller than 1 MB.

But thanks for your offer, anyway.

Max
Chris | 26 Nov 17:25 2005
Picon

Re: About SunUO...

If you would like I can give you some space on my root server. He has ha 
100 Mbit connection and 1 Gbit to an Backbone.
The Server is located in Germany.
When i download at your site i get a speed under 100 Kb/s. On my Server 
you can download with some Mbits...

Regards
Chris

Max Kellermann wrote:

>On 2005/11/26 00:12, Aiden Rigby <rigby_a <at> hotmail.com> wrote:
>  
>
>>But from what i've checked out, it looks pretty cool. I got a little
>>idea though. Some of your downloads seemed to take a little time to
>>connect, so I was wondering if you wanted me to mirror for you? I'm
>>running a web-server off of my computer, using Apache and is
>>PHP-compadable...
>>    
>>
>
>The downloads are hosted by BerliOS.  I got around 40 kiB/s.  That is
>not fast, but should be enough, considering that most of the downloads
>are smaller than 1 MB.
>
>But thanks for your offer, anyway.
>
>Max
>
(Continue reading)

barakat barakat | 29 Nov 04:21 2005
Picon

RunUO 1.0.0 Source Code Exploit Fix

I've been trying to figure out how to stop this exploit that a person has been using on us for days, and I finally figured it out. I do no know exactly how the exploit was working but I know how to fix it. It is because of an error by the RunUO developers, and asayre8 didn't really want to accept it. So here is the fix:

Network\PacketHandlers.cs

Search for "if ( info == null || a == null || cityIndex < 0 || cityIndex >= info.Length )"

The if statement executes the code if info == null. Here is the code:

                Console.WriteLine( cityIndex );
                Console.WriteLine( info.Length );
                Console.WriteLine( "New character name: '{0}'", name );
                state.Dispose();

if info == null, then Console.WriteLine( info.Length ); that will cause a crash, and that is what an exploiter has been using against our server. I just commented those lines out to stop the problem but you could fix it if you really want to.

-Barakat

Max Kellermann | 29 Nov 09:59 2005

Re: RunUO 1.0.0 Source Code Exploit Fix

On 2005/11/29 04:21, barakat barakat <barakatx2 <at> gmail.com> wrote:
> It is because of an error by the RunUO developers, and asayre8
> didn't really want to accept it. So here is the fix:

It's great RunUO is open source.  You don't depend on anyone to get a
fix.  Just do it yourself. :)

Thanks for the report, that's really a nasty bug...  although I
believe SunUO isn't vulnerable because the exception handlers would
catch it..

Anyway, exception handlers are just some sort of parachute, I will add
a "real" fix to SunUO today.  Time for another release.

Max
cheerful1 | 29 Nov 16:26 2005

Exploit fix posted by Barakat

Bara is as usual right and saved the shard since his intent was to get me
to close it. The new information we gained indicates that it is possible
to use razor for this but unlikely since Razor is closed source, however
injection can be modified to send the altered packets relatively easily.
Posts were made on runuo forums and also orbsydia forums to make the runuo
devs more "aware" of the need for a fix. The orbsydia team responded with
a confirmation that the exploit was valid and present as well as a public
posting of the code and a private pm with possible means of sending said
packets.
I expect to be strongly flamed if not banned for it on runuo though.
Thank you for attending to this.
Sunuo is a godsend for the normal user and your fix will make it even more
so since I really dont expect runuo to fix their core.
and Kudos to you Bara my friend you are the best! :)
Stormy

Message: 1
Date: Mon, 28 Nov 2005 21:21:46 -0600
From: barakat barakat <barakatx2 <at> gmail.com>
To: sunuo-users <at> lists.berlios.de
Subject: [sunuo-users] RunUO 1.0.0 Source Code Exploit Fix

------=_Part_7923_2228655.1133234506172
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

I've been trying to figure out how to stop this exploit that a person has
been using on us for days, and I finally figured it out. I do no know
exactly how the exploit was working but I know how to fix it. It is because
of an error by the RunUO developers, and asayre8 didn't really want to
accept it. So here is the fix:

Network\PacketHandlers.cs

Search for "if ( info =3D=3D null || a =3D=3D null || cityIndex < 0 || city=
Index >=3D
info.Length )"

The if statement executes the code if info =3D=3D null. Here is the code:

                Console.WriteLine( cityIndex );
                Console.WriteLine( info.Length );
                Console.WriteLine( "New character name: '{0}'", name );
                state.Dispose();

if info =3D=3D null, then Console.WriteLine( info.Length ); that will cause=
 a
crash, and that is what an exploiter has been using against our server. I
just commented those lines out to stop the problem but you could fix it if
you really want to.

-Barakat

-----------------------------------------
Join ISP.COM today - $8.95 internet , less than 1/2 the cost of AOL
Try us out, http://www.isp.com/
Max Kellermann | 29 Nov 16:20 2005

SunUO 0.2.0 released

Hi,

the subjects says it - 0.2.0 is out, the remote vulnerability which
was reported yesterday made me push this one out.

Also included: support for encrypted clients.

 http://www.sunuo.org/download.html

Max
Max Kellermann | 29 Nov 16:33 2005

Re: Exploit fix posted by Barakat

On 2005/11/29 16:26, cheerful1 <at> isp.com wrote:
> Posts were made on runuo forums and also orbsydia forums to make the
> runuo devs more "aware" of the need for a fix. The orbsydia team
> responded with a confirmation that the exploit was valid and present
> as well as a public posting of the code and a private pm with
> possible means of sending said packets.

Ignore the problem until it goes away ;)

I hope I'll find some time to write an easy-to-use exploit for this
vulnerability.  Once that one is in the wild and all RunUO servers are
crashing like hell, everybody will think again.  Sadly, this is
usually the only thing which helps.

Max

Gmane