Razish / japp

JA++ server and client modification for Jedi Academy
GNU General Public License v2.0

Crash if "amslap" is used by a person manually granted permissions. #442

Closed Charlese2 closed 2 years ago

Charlese2 commented 2 years ago

If you grant permissions to a user with amgrant and they try to slap an admin, it crashes the server. adminUser is null if they are only granted permissions, but it tries to get the rank value from the struct.

========================================
             JA++ Crash Log
========================================
Version: JA++, 32 bits, Feb  1 2022, 8110a91 (Windows)
Side: Server-side
Build Date/Time: Feb  1 2022 05:31:48
Operating system: Microsoft Unknown Edition (build 9200), 64-bit
Crash type: Exception

----------------------------------------
          Exception Information
----------------------------------------
Process: D:\JediAcademy\openjkded.x86.exe
Exception in module: OJK7A22.tmp
Exception Address: 0x0CC00938 (OJK7A22.tmp+0x70938)
Exception Code: 0xC0000005 (Access Violation)
Attempted to read data at: 0x00000108

----------------------------------------
              Register Dump
----------------------------------------
General Purpose & Control Registers:
EAX: 0x0C886E60, EBX: 0x00000000, ECX: 0x0DD1EF88, EDX: 0x00000000
EDI: 0x0090ED50, ESI: 0x02E4172C, ESP: 0x004F31DC, EBP: 0x004F31E4
EIP: 0x0CC00938

Segment Registers:
CS: 0x00000023, DS: 0x0000002B, ES: 0x0000002B
FS: 0x00000053, GS: 0x0000002B, SS: 0x0000002B

----------------------------------------
               Module List
----------------------------------------
0x00810000 - openjkded.x86 - D:\JediAcademy\openjkded.x86.exe
0x77E10000 - ntdll - C:\WINDOWS\SYSTEM32\ntdll.dll
0x77230000 - KERNEL32 - C:\WINDOWS\System32\KERNEL32.DLL
0x75BB0000 - KERNELBASE - C:\WINDOWS\System32\KERNELBASE.dll
0x76650000 - SHELL32 - C:\WINDOWS\System32\SHELL32.dll
0x76D30000 - msvcp_win - C:\WINDOWS\System32\msvcp_win.dll
0x776A0000 - ucrtbase - C:\WINDOWS\System32\ucrtbase.dll
0x757C0000 - WINMM - C:\WINDOWS\SYSTEM32\WINMM.dll
0x74EF0000 - WSOCK32 - C:\WINDOWS\SYSTEM32\WSOCK32.dll
0x76FD0000 - msvcrt - C:\WINDOWS\System32\msvcrt.dll
0x75ED0000 - USER32 - C:\WINDOWS\System32\USER32.dll
0x771B0000 - WS2_32 - C:\WINDOWS\System32\WS2_32.dll
0x77830000 - win32u - C:\WINDOWS\System32\win32u.dll
0x76E40000 - RPCRT4 - C:\WINDOWS\System32\RPCRT4.dll
0x77180000 - GDI32 - C:\WINDOWS\System32\GDI32.dll
0x770A0000 - gdi32full - C:\WINDOWS\System32\gdi32full.dll
0x77C10000 - ADVAPI32 - C:\WINDOWS\System32\ADVAPI32.dll
0x76F50000 - sechost - C:\WINDOWS\System32\sechost.dll
0x7AC90000 - MSVCP140 - D:\JediAcademy\MSVCP140.dll
0x79E70000 - VCRUNTIME140 - D:\JediAcademy\VCRUNTIME140.dll
0x76DB0000 - IMM32 - C:\WINDOWS\System32\IMM32.DLL
0x6AB60000 - CRYPTSP - C:\WINDOWS\SYSTEM32\CRYPTSP.dll
0x6AB30000 - rsaenh - C:\WINDOWS\system32\rsaenh.dll
0x74DB0000 - CRYPTBASE - C:\WINDOWS\SYSTEM32\CRYPTBASE.dll
0x76CC0000 - bcryptPrimitives - C:\WINDOWS\System32\bcryptPrimitives.dll
0x73DB0000 - windows.storage - C:\WINDOWS\SYSTEM32\windows.storage.dll
0x77980000 - combase - C:\WINDOWS\System32\combase.dll
0x73CC0000 - wintypes - C:\WINDOWS\SYSTEM32\wintypes.dll
0x77850000 - SHCORE - C:\WINDOWS\System32\SHCORE.dll
0x76F00000 - shlwapi - C:\WINDOWS\System32\shlwapi.dll
0x74DC0000 - SspiCli - C:\WINDOWS\SYSTEM32\SspiCli.dll
0x6C5F0000 - napinsp - C:\WINDOWS\system32\napinsp.dll
0x6C5D0000 - pnrpnsp - C:\WINDOWS\system32\pnrpnsp.dll
0x74F40000 - mswsock - C:\WINDOWS\System32\mswsock.dll
0x73BD0000 - DNSAPI - C:\WINDOWS\SYSTEM32\DNSAPI.dll
0x75020000 - IPHLPAPI - C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL
0x76E30000 - NSI - C:\WINDOWS\System32\NSI.dll
0x6B820000 - winrnr - C:\WINDOWS\System32\winrnr.dll
0x6B800000 - wshbth - C:\WINDOWS\system32\wshbth.dll
0x73CA0000 - nlansp_c - C:\WINDOWS\system32\nlansp_c.dll
0x6B170000 - fwpuclnt - C:\WINDOWS\System32\fwpuclnt.dll
0x6F740000 - rasadhlp - C:\Windows\System32\rasadhlp.dll
0x0CB90000 - OJK7A22 - C:\Users\knigh\AppData\Local\Temp\OJK7A22.tmp
0x7AAF0000 - ucrtbased - C:\WINDOWS\SYSTEM32\ucrtbased.dll
0x753A0000 - dbghelp - C:\WINDOWS\SYSTEM32\dbghelp.dll
0x7AA30000 - MSVCP140D - C:\WINDOWS\SYSTEM32\MSVCP140D.dll
0x7B430000 - VCRUNTIME140D - C:\WINDOWS\SYSTEM32\VCRUNTIME140D.dll

----------------------------------------
          Disassembly/Source code
----------------------------------------
Crash location located at 0x0CC00938: OJK7A22.tmp::AM_CanInflict(+0x98) [Func at 0x0CC008A0]
Source code: D:\japp\game\g_admin.cpp:657(+0x6)

^^^^^^^^^^

--- D:\japp\game\g_admin.cpp:649(+0x4) ---

0x0CC00914 - jnz 0xcc00920                  (AM_CanInflict+0x80)

--- D:\japp\game\g_admin.cpp:650 ---

0x0CC00916 - mov eax, 0x1                  
0x0CC0091B - jmp 0xcc00a57                 

--- D:\japp\game\g_admin.cpp:653 ---

0x0CC00920 - mov ecx, [ebp+0x8]            
0x0CC00923 - cmp ecx, [ebp+0xc]            
0x0CC00926 - jnz 0xcc00932                  (AM_CanInflict+0x92)

--- D:\japp\game\g_admin.cpp:654 ---

0x0CC00928 - mov eax, 0x1                  
0x0CC0092D - jmp 0xcc00a57                 

--- D:\japp\game\g_admin.cpp:657 ---

0x0CC00932 - mov edx, [ebp-0x8]            
0x0CC00935 - mov eax, [ebp-0x4]            

=============================================
0x0CC00938 - mov ecx, [edx+0x108]           <-- Exception
=============================================

0x0CC0093E - cmp ecx, [eax+0x108]          
0x0CC00944 - jnz dword ptr 0xcc009cf        (AM_CanInflict+0x12F)

--- D:\japp\game\g_admin.cpp:658 ---

0x0CC0094A - cmp dword ptr [0xdef0f0c], 0x0
0x0CC00951 - jz short 0xcc009ad             (AM_CanInflict+0x10D)

--- D:\japp\game\g_admin.cpp:659 ---

0x0CC00953 - mov edx, [ebp-0x4]            
0x0CC00956 - mov eax, [edx+0x108]          
0x0CC0095C - push eax                      
0x0CC0095D - mov ecx, [ebp-0x4]            
0x0CC00960 - push ecx                      
0x0CC00961 - mov edx, [ebp+0xc]            
vvvvvvvvvv

----------------------------------------
                Backtrace
----------------------------------------
OJK7A22.tmp::AM_CanInflict(+0x98) [0x0CC00938] - (D:\japp\game\g_admin.cpp:657)
OJK7A22.tmp::AM_Slap(+0x8F) [0x0CC03F1F] - (D:\japp\game\g_admin.cpp:1885)
OJK7A22.tmp::AM_HandleCommands(+0x161) [0x0CBFEE01] - (D:\japp\game\g_admin.cpp:3567)
OJK7A22.tmp::ClientCommand(+0xF8) [0x0CC169A8] - (D:\japp\game\g_cmds.cpp:3662)
openjkded.x86.exe::GVM_ClientCommand(+0x85) [0x0086BD45] - (D:\OpenJK\codemp\server\sv_gameapi.cpp:108)
openjkded.x86.exe::SV_ExecuteClientCommand(+0xFC) [0x0086257C] - (D:\OpenJK\codemp\server\sv_client.cpp:1290)
openjkded.x86.exe::SV_ClientCommand(+0xEB) [0x0086130B] - (D:\OpenJK\codemp\server\sv_client.cpp:1353)
openjkded.x86.exe::SV_ExecuteClientMessage(+0x13C) [0x0086274C] - (D:\OpenJK\codemp\server\sv_client.cpp:1584)
openjkded.x86.exe::SV_PacketEvent(+0x12E) [0x008682CE] - (D:\OpenJK\codemp\server\sv_main.cpp:832)
openjkded.x86.exe::Com_RunAndTimeServerPacket(+0x39) [0x0082AEA9] - (D:\OpenJK\codemp\qcommon\common.cpp:852)
openjkded.x86.exe::NET_Event(+0xBA) [0x0083714A] - (D:\OpenJK\codemp\qcommon\net_ip.cpp:1026)
openjkded.x86.exe::NET_Sleep(+0xBA) [0x0083812A] - (D:\OpenJK\codemp\qcommon\net_ip.cpp:1075)
openjkded.x86.exe::Com_Frame(+0x13B) [0x00829A6B] - (D:\OpenJK\codemp\qcommon\common.cpp:1526)
openjkded.x86.exe::main(+0x146) [0x0089D936] - (D:\OpenJK\shared\sys\sys_main.cpp:813)
openjkded.x86.exe::__scrt_common_main_seh(+0xFA) [0x008E62C5] - (d:\a01\_work\10\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288)
KERNEL32.DLL::BaseThreadInitThunk(+0x19) [0x77246739]
ntdll.dll::RtlGetFullPathName_UEx(+0x4BF) [0x77E78AFF]
ntdll.dll::RtlGetFullPathName_UEx(+0x48D) [0x77E78ACD]

----------------------------------------
            Extra Information
----------------------------------------
----------------------------------------
          Server info / players
----------------------------------------
Map: mp/ffa3

Players: 2/32:

|ID|Name                                |Ping|IP                    |
+--+------------------------------------+----+----------------------+
|0 |^1W^2a^3f^4f^5l^6e^1M^2a^3n^46^59^7 |10  |192.168.1.129:29070     |
|1 |^4Charles^1E2^7                     |2   |192.168.1.6:29071       |
+--+------------------------------------+----+----------------------+
========================================
             End of crash log
========================================
ensiform commented 2 years ago

One of these two pointers is pointing to a null address

https://github.com/Razish/japp/blob/master/game/g_admin.cpp#L657

Charlese2 commented 2 years ago

Upon further inspection, they have to slap an admin or it doesn't reach the null pointer reference.

Razish commented 2 years ago

Fixed; temporarily granted permissions now assume the lowest rank (< 0) and so can't affect other admins. Commit incoming.
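As an added illustration of the bug and of the fix described in this thread (this is example code written for this page, not code from the japp repository), the block below models the AM_CanInflict rank check. The control flow of the model follows the disassembly in the crash log (a victim without an admin login is always affectable, a client can always affect itself, otherwise both adminUser records are dereferenced to compare ranks); the struct layouts, the field names `adminUser` and `rank`, the direction of the rank comparison and the `GRANTED_RANK` constant are assumptions, not japp's real definitions. A client with only amgrant permissions is modelled as one whose `adminUser` is null.

```cpp
// Added example, not JA++ code: a minimal model of the AM_CanInflict rank check
// from this issue, showing the null dereference for a granted-only attacker and
// a guard that treats such a client as the lowest rank (< 0), as the fix describes.
#include <cstddef>

struct adminUser_t {
    int rank;               // assumed: higher number = higher admin rank
};

struct gclient_t {
    adminUser_t *adminUser; // nullptr for a client with no admin login
                            // (including a client whose permissions came from amgrant)
};

// Assumed rank for a client with granted permissions but no adminUser record.
// Being below every real rank, such a client can never affect a logged-in admin.
constexpr int GRANTED_RANK = -1;

// Model of the crashing check, following the disassembly in the crash log:
//  - a victim with no admin login can always be affected (return true),
//  - a client can always affect itself,
//  - otherwise both adminUser records are dereferenced to compare ranks,
//    which faults when the attacker only has granted permissions.
bool AM_CanInflict_unchecked(const gclient_t *attacker, const gclient_t *victim) {
    if (victim->adminUser == nullptr) return true;
    if (attacker == victim) return true;
    // attacker->adminUser may be nullptr here: this is the reported access violation
    return attacker->adminUser->rank >= victim->adminUser->rank;
}

// Rank lookup that never dereferences a null record.
static int effectiveRank(const gclient_t *c) {
    return c->adminUser ? c->adminUser->rank : GRANTED_RANK;
}

// Hardened check: same decisions for fully logged-in admins, and a granted-only
// attacker is ranked below every admin instead of crashing the server.
bool AM_CanInflict_safe(const gclient_t *attacker, const gclient_t *victim) {
    if (victim->adminUser == nullptr) return true;
    if (attacker == victim) return true;
    return effectiveRank(attacker) >= effectiveRank(victim);
}

// Reports whether the unchecked form would dereference a null record for this
// pair, without actually triggering the fault.
bool wouldFault(const gclient_t *attacker, const gclient_t *victim) {
    return victim->adminUser != nullptr && attacker != victim && attacker->adminUser == nullptr;
}

// Constructed scenario from the report: a granted-only user slaps a logged-in admin.
adminUser_t g_seniorRecord = { 5 };
adminUser_t g_juniorRecord = { 3 };
gclient_t g_senior  = { &g_seniorRecord };
gclient_t g_junior  = { &g_juniorRecord };
gclient_t g_granted = { nullptr };   // amgrant only, no admin login
gclient_t g_player  = { nullptr };   // ordinary player

int main() {
    bool fault = wouldFault(&g_granted, &g_senior);            // true: unchecked form crashes
    bool can   = AM_CanInflict_safe(&g_granted, &g_senior);    // false: lowest rank cannot affect admins
    bool ok    = AM_CanInflict_safe(&g_granted, &g_player);    // true: ordinary players unaffected by the fix
    return (fault && !can && ok) ? 0 : 1;
}
```

The hardened form changes nothing for two logged-in admins: the junior still cannot affect the senior and the senior still can affect the junior. The only behavioural difference is the granted-only path, where the server previously faulted and now returns a deny.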