====================================================================================

TITLE
    Call of Duty 2 1.0 fix for the callvote buffer-overflow 0.1 (Linux only)
    original 1.3 version by Luigi Auriemma
    e-mail: aluigi@autistici.org
    web:    aluigi.org
    .
    UPDATE: backported to Call of Duty 2 version 1.0 by smugllama

INTRO
    This unofficial patch for Call of Duty 2 is able to fix the following bug:
    .
    . http://aluigi.org/adv/codmapbof-adv.txt
    .
    If you are unsure if your server is vulnerable please use the proof-of-concept
    provided there.
    .
    The solution I have adopted for this bug is the limiting of the length of the
    input map name to max 63 chars (using the AND instruction).
    .
    UPDATE: backported to Call of Duty 2 version 1.0 by smugllama

FILE
    CoD2MP_s.exe;cod2_lnxded;CoDMP*.exe;cod*_lnxded

ONLY_ONE

    ### LINUX ###

RVA
    8048000                 ; IMPORTANT!

    # cod2_lnxded
    # 80656ef

BYTES_ORIGINAL
    8d 45 fc                ; lea    eax,[ebp-4]
    83 28 07                ; sub    DWORD PTR [eax],0x7
    8b 45 fc                ; mov    eax,DWORD PTR [ebp-4]
    89 44 24 08             ; mov    DWORD PTR [esp+8],eax
    8b 45 08                ; mov    eax,DWORD PTR [ebp+8]
    89 44 24 04             ; mov    DWORD PTR [esp+4],eax
    c7 04 24 80 17 1e 08    ; mov    DWORD PTR [esp],0x81e1780
    e8 8c 45 fe ff          ; call   8049c80 <memcpy@plt>


BYTES_PATCH
    ?? ?? ??
    ?? ?? ??
    ?? ?? ??
    83 e0 3f                ; and    eax,0x3f
    50                      ; push   eax
    8b 45 08                ; mov    eax,DWORD PTR [ebp+8]
    50                      ; push   eax
    68 |81e1780             ; push   0x81e1780
    e8 ^8049c80             ; call   8049c80 <memcpy@plt>
    83 c4 0c                ; add    esp,0xc
    90 90                   ; nop nop


====================================================================================
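
The length arithmetic of the patched sequence (the unchanged `sub ... 7` followed by `and eax,0x3f`), modelled in C as an added example; this is not code from the original patch or its authors. The function names, the 64-byte destination size and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DST_SIZE 64u /* assumption: the page only states the 63-char limit */

/* Length the patched sequence passes to memcpy: the value at [ebp-4],
 * minus 7 (unchanged `sub`), then `and eax,0x3f`. 32-bit wraparound as on x86. */
uint32_t patched_len(uint32_t raw) { return (raw - 7u) & 0x3fu; }

/* Saturating clamp, for comparison only; this is NOT what the patch does. */
uint32_t clamped_len(uint32_t raw) {
    if (raw < 7u) return 0;
    uint32_t n = raw - 7u;
    return n < DST_SIZE ? n : DST_SIZE - 1u;
}

/* Copy with the masked length into a guarded buffer; returns 1 if the
 * guard bytes placed directly after the buffer are untouched. */
int guard_survives(uint32_t raw) {
    static char src[512]; /* constructed input, large enough for any masked read */
    struct { char dst[DST_SIZE]; unsigned char guard[8]; } s;
    memset(src, 'A', sizeof src);
    memset(&s, 0, sizeof s);
    memset(s.guard, 0xCC, sizeof s.guard);
    memcpy(s.dst, src, patched_len(raw));
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0xCC) return 0;
    return 1;
}

int main(void) {
    const uint32_t raws[] = { 17, 70, 71, 307, 3 }; /* constructed samples */
    for (size_t i = 0; i < sizeof raws / sizeof raws[0]; i++)
        printf("raw=%3u  masked=%2u  clamped=%2u  guard_ok=%d\n",
               (unsigned)raws[i], (unsigned)patched_len(raws[i]),
               (unsigned)clamped_len(raws[i]), guard_survives(raws[i]));
    return 0;
}
```

The mask keeps every copy at 63 bytes or fewer, but it wraps rather than truncates: an over-long value is reduced modulo 64, and a value below 7 underflows to a masked length of 57 to 63, so the source must still hold that many readable bytes.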
