Exploit causes client crashes

Earu / EasyChat

A modular Garry's Mod chat addon for both users and developers. (EOL 2025)

https://steamcommunity.com/sharedfiles/filedetails/?id=1182471500

GNU General Public License v3.0

90 stars 31 forks source link

Exploit causes client crashes #92

Closed MagnumMacKivler closed 2 years ago

MagnumMacKivler commented 2 years ago

Hello,

Someone joined my server and entered this into the chat, which caused all clients to disconnect and they were unable to reconnect until the server was restarted.

<font=BigChatText>: <translate=rand(-500,500), rand(-500,500)>JEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISHJEWISH

Earu commented 2 years ago

As bad as it looks like:

I was unable to reproduce a crash of any sort, tried in p2p, sp and on a server with a lot of content and other players. Most likely a side-effect of this is more likely to have crashed your players, e.g not enough RAM, some ill-fated condition in the source engine etc...

mrlazorz commented 2 years ago

Some additional context from the same server when this happened from our discord chatsync.

Users tried rejoining after and got a similar disconnect message. We had to restart before anyone could reconnect. For some reason the user who sent the message wasn't disconnected. I suspect it might not be related to EasyChat, maybe P2M? but there's not a lot to go off of. Checked the server log and didn't see any errors at the time or other suspicious behavior.

Earu commented 2 years ago

@mrlazorz I feel it might be whatever your discord addon is doing. Usually when you get the buffer overflown like that it means the server or the client has been spamming net messages on the reliable channel. So do check if the discord addon is not doing some kind of loop in sending network messages, or any other addon that you may have.

I can't do anything on my side about this unfortunately.

Earu commented 2 years ago

Closing this as the issue is not on ECs side.

tjb2640 commented 1 year ago

Hi, to follow this up (even after it's closed), we did discover an OnPlayerChat hook from a different add-on returning true for all chat messages, which was of course interfering with EasyChat's OnPlayerChat hooks by prematurely suppressing the messages. Had to really dig for that one, it wasn't too obvious. Apologies!