====================================================================================
#
# This file was created for the Lame patcher program, available for both *nix
# and Windows platforms.
# You need this program to patch your files:
#
#   http://aluigi.org/mytoolz.htm#lpatch
#
# Quick step-by-step for Windows:
# - launch lpatch.exe
# - select this cod2vawo.lpatch file
# - read the message windows and click yes
# - select the file (usually executables or dlls) to patch
# - read the message windows to know if everything has been patched correctly
# - test your game
#
# Quick step-by-step for Linux:
# - compile lpatch: gcc -c md5.c ; gcc -o lpatch lpatch.c md5.o
# - launch ./lpatch cod2vawo.lpatch
# - read the text messages
# - specify the name of the file to patch
# - read the text messages to know if everything has been patched correctly
# - test your game

TITLE
    Call of Duty 2 (1.0 Linux) work-around for the va() bug 0.1
    by Luigi Auriemma
    e-mail: aluigi@autistici.org
    web:    aluigi.org

INTRO
    This unofficial patch for Call of Duty 2 is a work-around for the following
    problem:
    .
    - Attempted to overrun string in call to va()
    ................................................................................
    . This problem happens when the game tries to build a string longer than 1024
    . chars using va(), the function which calls snprintf and returns a pointer to
    . its static buffer.
    . It seems that this problem is caused by too many map names, which overflow
    . the info string containing the names and CRC of the game maps, but it could
    . also be exploited by attackers (no proof-of-concept known at the moment).
    . The reason for reducing the buffer size from the old 32000 bytes to only
    . 1024 is a mystery which nobody knows...
    . The solution I have adopted to stop this bug is simply to skip the
    . Com_Error call, which shuts down the server, and to set len to zero.
    . This is the best choice against attacks that exploit this bug, but I don't
    . know if this solution is good for the maps problem too; admins also refer
    . to this problem as the map rotation or sum mismatch bug:
    . http://www.iwnation.com/Forums/index.php?showtopic=24161
    .
    This legacy patch works only with version 1.0 for Linux

FILE
    cod2_lnxded

ONLY_ONE

BYTES_ORIGINAL              ; 1.0a
    c7 44 24 04 20 87 14 08 ; mov    DWORD PTR [esp+4],0x08148720
    c7 04 24 01 00 00 00    ; mov    DWORD PTR [esp],0x1
    e8 ?? ?? ?? ??          ; call   8061124 <strcpy@plt+0x16a80>

BYTES_PATCH
    c7 45 f4 00 00 00 00    ; mov    DWORD PTR [ebp-12],0x0
    31 c0                   ; xor    eax,eax
    90 90 90 90 90 90 90
    90 90 90 90

BYTES_ORIGINAL              ; 1.0
    c7 44 24 04 80 43 14 08 ; mov    DWORD PTR [esp+4],0x08144380
    c7 04 24 01 00 00 00    ; mov    DWORD PTR [esp],0x1
    e8 ?? ?? ?? ??          ; call   8061124 <strcpy@plt+0x16a80>

BYTES_PATCH
    c7 45 f4 00 00 00 00    ; mov    DWORD PTR [ebp-12],0x0
    31 c0                   ; xor    eax,eax
    90 90 90 90 90 90 90
    90 90 90 90

====================================================================================
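
The matching and replacement that the BYTES_ORIGINAL / BYTES_PATCH pairs above describe, as an added example that is not part of the original patch file and is not lpatch's own code. The function names and the sample buffer are hypothetical, and the refusal to patch unless the sequence occurs exactly once is a safety choice of this example, not a statement about how lpatch handles ONLY_ONE.

```c
#include <stdio.h>
#include <string.h>

#define WILD (-1)                 /* "??" in BYTES_ORIGINAL */
#define PLEN 20                   /* both sequences are 20 bytes long */

/* BYTES_ORIGINAL (1.0) and BYTES_PATCH, copied from the patch file. */
static const int ORIG_10[PLEN] = {
    0xc7,0x44,0x24,0x04,0x80,0x43,0x14,0x08, 0xc7,0x04,0x24,0x01,0x00,0x00,0x00,
    0xe8,WILD,WILD,WILD,WILD };
static const unsigned char PATCH[PLEN] = {
    0xc7,0x45,0xf4,0x00,0x00,0x00,0x00, 0x31,0xc0,
    0x90,0x90,0x90,0x90,0x90,0x90,0x90, 0x90,0x90,0x90,0x90 };

/* Constructed sample, not bytes from the real cod2_lnxded: a 3-byte prologue,
   the 1.0 sequence with made-up call displacement bytes, then ret. */
unsigned char sample[] = {
    0x55,0x89,0xe5,
    0xc7,0x44,0x24,0x04,0x80,0x43,0x14,0x08, 0xc7,0x04,0x24,0x01,0x00,0x00,0x00,
    0xe8,0x11,0x22,0x33,0x44,
    0xc3 };

/* Count places where pat matches buf; *first receives the first offset. */
size_t count_matches(const unsigned char *buf, size_t len, const int *pat, size_t *first) {
    size_t n = 0;
    for (size_t off = 0; off + PLEN <= len; off++) {
        size_t i = 0;
        while (i < PLEN && (pat[i] == WILD || buf[off + i] == pat[i])) i++;
        if (i == PLEN) { if (n == 0) *first = off; n++; }
    }
    return n;
}

/* Overwrite the sequence only when it occurs exactly once (a safety choice of
   this example). Returns the patched offset, or -1 if nothing was changed. */
long apply_patch(unsigned char *buf, size_t len, const int *pat) {
    size_t first = 0;
    if (count_matches(buf, len, pat, &first) != 1) return -1;
    memcpy(buf + first, PATCH, PLEN);
    return (long)first;
}

int main(void) {
    printf("patched at offset %ld\n", apply_patch(sample, sizeof sample, ORIG_10));
    return 0;
}
```

The patch is exactly as long as the sequence it replaces, so no following code moves; the eleven 0x90 bytes pad out the space left by the removed argument setup and call.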
