Bug#681812: openarena-server: segfaults when a client is requesting a callvote to kick another player

Markus Koschany apo at gambaru.de
Mon Jul 16 18:54:41 UTC 2012


Package: openarena-server
Version: 0.8.8-5
Severity: normal

Dear Maintainer,

As I have hinted in my last report to #664637, there are at least two
different kinds of bugs which can lead to a server crash.

This one is reproducible with Debian's standard configuration. 

*How to reproduce the crash?*

1. Join the server and open the ingame console with Shift+ESC or ~.
2. Ask for a vote to kick a non-existing player on the server like

\callvote kick pullo

if pullo is a player who does not play on the server.

3. Result: Segmentation Fault and server crash

The crash always occurs if the callvote name differs from the actual player
names.

If you ask for a callvote and if you leave the field for the player
name blank, then the following message can be found in the log file.

NET_CompareBaseAdr: bad address type

As far as I can tell the "clientkick id"-command, which you can use
from the ingame menu, works as intended.

*Quick solution*

Disable the vote option to kick a player from the server in
/etc/openarena-server/server.cfg. The default value is:

set g_voteNames "/map_restart/nextmap/map/g_gametype/kick/clientkick/g_doWarmup/timelimit/fraglimit/shuffle" 

If you remove "kick" from the line the callvote option to kick another
player is disabled and nobody can crash the server anymore.

set g_voteNames "/map_restart/nextmap/map/g_gametype/clientkick/g_doWarmup/timelimit/fraglimit/shuffle" 

*Attachments*

I've attached my debug log files and the backtrace from gdb. It seems
that the if-condition in code/game/g_cmds.c line 1818 is never true
although the player doesn't exist. Somehow the server doesn't check
carefully enough if a player exists or not. 

Kind regards
Markus Koschany

-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.24 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openarena-server depends on:
ii  adduser                   3.112+nmu2     add and remove users and groups
ii  ioquake3-server           1.36+svn2287-1 Standalone server for ioQuake3 bas
ii  libc6                     2.11.3-3       Embedded GNU C Library: Shared lib
ii  openarena-081-maps        0.8.5split-2   OpenArena game data - maps from 0.
ii  openarena-081-misc        0.8.5split-2   OpenArena game data - miscellaneou
ii  openarena-081-players     0.8.5split-2   OpenArena game data - player graph
ii  openarena-081-players-mat 0.8.5split-2   OpenArena game data - "mature" pla
ii  openarena-081-textures    0.8.5split-2   OpenArena game data - textures fro
ii  openarena-085-data        0.8.5split-2   OpenArena game data - 0.8.5 update
ii  openarena-088-data        0.8.8-1        OpenArena game data
ii  openarena-data            0.8.5-3        OpenArena game data

openarena-server recommends no packages.

openarena-server suggests no packages.

Versions of packages ioquake3-server depends on:
ii  libc6                   2.11.3-3         Embedded GNU C Library: Shared lib
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

-- Configuration Files:
/etc/default/openarena-server changed [not included]
/etc/init.d/openarena-server changed [not included]
/etc/openarena-server/server.cfg changed [not included]

-- no debconf information
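
The g_voteNames workaround from the report as a script, added here as an example; it is not part of the original report or of the openarena-server package. The function names are made up for this example, and accepting seta/sets/setu as well as set is an assumption. The demo works on a temporary file holding the default line quoted in the report, not on /etc/openarena-server/server.cfg.

```shell
#!/bin/sh
# Added example (not part of the report or the package).
# g_voteNames is a slash-delimited list, so the match has to be the whole
# "kick" token: a plain substring test would also hit "clientkick".

# Active (uncommented) set/seta/sets/setu line for g_voteNames.
SET_RE='^[[:space:]]*set[asu]?[[:space:]]+g_voteNames[[:space:]]'

# kick_vote_enabled FILE: succeeds if an active g_voteNames line lists "kick".
kick_vote_enabled() {
    grep -E "$SET_RE" "$1" | grep -Eq '/kick(/|")'
}

# disable_kick_vote FILE: print FILE with the "kick" token removed from
# g_voteNames; every other line and every other vote option is unchanged.
disable_kick_vote() {
    sed -E "/$SET_RE/ {
        :a
        s#/kick/#/#
        ta
        s#/kick\"#\"#
    }" "$1"
}

# Demo on a temporary file with the default value quoted in the report.
demo() {
    cfg=$(mktemp) || return 1
    printf '%s\n' 'set g_voteNames "/map_restart/nextmap/map/g_gametype/kick/clientkick/g_doWarmup/timelimit/fraglimit/shuffle"' > "$cfg"
    kick_vote_enabled "$cfg" && echo "kick vote is enabled; proposed line:"
    disable_kick_vote "$cfg"
    rm -f "$cfg"
}
demo
```

Review the printed result before replacing the real server.cfg, and restart the server so the new value is read.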



More information about the Pkg-games-devel mailing list