Skip to content

Commit

Permalink
修复恶意搞事漏洞
Browse files Browse the repository at this point in the history
  • Loading branch information
fantasylidong committed Oct 25, 2024
1 parent 06edf57 commit c0c19b2
Show file tree
Hide file tree
Showing 7 changed files with 315 additions and 0 deletions.
29 changes: 29 additions & 0 deletions addons/sourcemod/gamedata/SendFileExploitFix_csgo_1_2_2021.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
"Games"
{
"csgo"
{
"Addresses"
{
"CheckReceivingList"
{
"windows"
{
"signature" "CheckReceivingListSig"
}
"linux"
{
"signature" "CheckReceivingListSig"
}
}
}
"Signatures"
{
"CheckReceivingListSig"
{
"library" "engine"
"windows" "\x55\x8b\xec\x81\xec\x30\x01\x00\x00\x69\x45\x08\x30\x01\x00\x00\x53\x56\x8d\xb1\x50\x01\x00\x00"
"linux" "\x55\x89\xE5\x57\x56\x53\x81\xEC\x2A\x2A\x2A\x2A\x8B\x5D\x0C\x65\xA1\x14\x00\x00\x00\x89\x45\xE4\x31\xC0\x8B\x75\x08\x69\xFB\x2A\x2A\x2A\x2A\x01\xF7"
}
}
}
}
Binary file not shown.
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
"Games"
{
"csgo"
{
"Addresses"
{
"CheckReceivingList"
{
"windows"
{
"signature" "CheckReceivingListSig"
}
"linux"
{
"signature" "CheckReceivingListSig"
}
}
}
"Signatures"
{
"CheckReceivingListSig"
{
"library" "engine"
"windows" "\x55\x8b\xec\x81\xec\x30\x01\x00\x00\x69\x45\x08\x30\x01\x00\x00\x53\x56\x8d\xb1\x50\x01\x00\x00"
"linux" "\x55\x89\xE5\x57\x56\x53\x81\xEC\x2A\x2A\x2A\x2A\x8B\x5D\x0C\x65\xA1\x14\x00\x00\x00\x89\x45\xE4\x31\xC0\x8B\x75\x08\x69\xFB\x2A\x2A\x2A\x2A\x01\xF7"
}
}
}
}
Binary file not shown.
128 changes: 128 additions & 0 deletions addons/sourcemod/plugins/scripting/SendFileExploitFixV3.3.sp
Original file line number Diff line number Diff line change
@@ -0,0 +1,128 @@
#include <sourcemod>
#include <sdktools>

public Plugin:myinfo =
{
name = "SendFile Exploit Fix (v3.3)",
author = "backwards",
description = "Prevents Clients From Exploiting The Un-Patched SRCDS SendFile Command, V3 Adds ReceiveFile Support.)",
version = "3.3",
url = "http://www.steamcommunity.com/id/mypassword"
}

#define MAX_FILES_ALLOWED_WHILE_ACTIVE_PER_MAP 256
#define MAX_FILES_ALLOWED_UPLOAD 32

bool InLevel[MAXPLAYERS+1] = {false, ...};
int RequestCount[MAXPLAYERS+1] = {0, ...};
int SendCount[MAXPLAYERS+1] = {0, ...};

public OnPluginStart()
{
CreateTimer(5.0, DecrementThread, _, TIMER_REPEAT);

if (GetEngineVersion() != Engine_CSGO)
return;

Address addy = GameConfGetAddress(LoadGameConfigFile("SendFileExploitFix_csgo_1_2_2021"), "CheckReceivingList");
if(addy == Address:0)// Not Vital
return;

int OS = LoadFromAddress(addy + Address:1, NumberType_Int8);
switch(OS)
{
case 0x89: //Linux
{
for(int i = 0;i<5;i++)
StoreToAddress((addy + Address:0x474 + view_as<Address>(i)), 0x90, NumberType_Int8);
}
case 0x8B: //Windows
{
for(int i = 0;i<2;i++)
StoreToAddress((addy + Address:0x270 + view_as<Address>(i)), 0x90, NumberType_Int8);
}
default:
{
return; // Not Vital
}
}
}

public Action:DecrementThread(Handle:timer, any:unused)
{
for (new client = 0; client <= MaxClients; client++)
{
RequestCount[client] -= 32;
if(RequestCount[client] < 0)
RequestCount[client] = 0;
}

return Plugin_Continue;
}

public OnMapStart()
{
for (new client = 1; client <= MaxClients; client++)
{
if(IsClientConnected(client))
{
if(IsClientInGame(client))
{
InLevel[client] = true;
RequestCount[client] = 0;
SendCount[client] = 0;
}
}
}
}

public OnMapEnd()
{
for (new client = 1; client <= MaxClients; client++)
{
InLevel[client] = false;
RequestCount[client] = 0;
SendCount[client] = 0;
}
}

public OnClientPutInServer(client)
{
InLevel[client] = true;
RequestCount[client] = 0;
SendCount[client] = 0;
}

public OnClientDisconnect(client)
{
RequestCount[client] = 0;
SendCount[client] = 0;
}

public Action OnFileSend(int client, const char[] sFile)
{
if(InLevel[client])
{
RequestCount[client]++;
if(RequestCount[client] > MAX_FILES_ALLOWED_WHILE_ACTIVE_PER_MAP)
{
if(!IsClientInKickQueue(client))
KickClient(client, "ServerCrashExploitAttempt.");

return Plugin_Stop;
}
}

return Plugin_Continue;
}

public Action OnFileReceive(int client, const char[] sFile)
{
SendCount[client]++;

if(SendCount[client] > MAX_FILES_ALLOWED_UPLOAD)
{
if(!IsClientInKickQueue(client))
KickClient(client, "ServerCrashExploitAttempt.");
}
}
128 changes: 128 additions & 0 deletions addons/sourcemod/scripting/SendFileExploitFixV3.3.sp
Original file line number Diff line number Diff line change
@@ -0,0 +1,128 @@
#include <sourcemod>
#include <sdktools>

public Plugin:myinfo =
{
name = "SendFile Exploit Fix (v3.3)",
author = "backwards",
description = "Prevents Clients From Exploiting The Un-Patched SRCDS SendFile Command, V3 Adds ReceiveFile Support.)",
version = "3.3",
url = "http://www.steamcommunity.com/id/mypassword"
}

#define MAX_FILES_ALLOWED_WHILE_ACTIVE_PER_MAP 256
#define MAX_FILES_ALLOWED_UPLOAD 32

bool InLevel[MAXPLAYERS+1] = {false, ...};
int RequestCount[MAXPLAYERS+1] = {0, ...};
int SendCount[MAXPLAYERS+1] = {0, ...};

public OnPluginStart()
{
CreateTimer(5.0, DecrementThread, _, TIMER_REPEAT);

if (GetEngineVersion() != Engine_CSGO)
return;

Address addy = GameConfGetAddress(LoadGameConfigFile("SendFileExploitFix_csgo_1_2_2021"), "CheckReceivingList");
if(addy == Address:0)// Not Vital
return;

int OS = LoadFromAddress(addy + Address:1, NumberType_Int8);
switch(OS)
{
case 0x89: //Linux
{
for(int i = 0;i<5;i++)
StoreToAddress((addy + Address:0x474 + view_as<Address>(i)), 0x90, NumberType_Int8);
}
case 0x8B: //Windows
{
for(int i = 0;i<2;i++)
StoreToAddress((addy + Address:0x270 + view_as<Address>(i)), 0x90, NumberType_Int8);
}
default:
{
return; // Not Vital
}
}
}

public Action:DecrementThread(Handle:timer, any:unused)
{
for (new client = 0; client <= MaxClients; client++)
{
RequestCount[client] -= 32;
if(RequestCount[client] < 0)
RequestCount[client] = 0;
}

return Plugin_Continue;
}

public OnMapStart()
{
for (new client = 1; client <= MaxClients; client++)
{
if(IsClientConnected(client))
{
if(IsClientInGame(client))
{
InLevel[client] = true;
RequestCount[client] = 0;
SendCount[client] = 0;
}
}
}
}

public OnMapEnd()
{
for (new client = 1; client <= MaxClients; client++)
{
InLevel[client] = false;
RequestCount[client] = 0;
SendCount[client] = 0;
}
}

public OnClientPutInServer(client)
{
InLevel[client] = true;
RequestCount[client] = 0;
SendCount[client] = 0;
}

public OnClientDisconnect(client)
{
RequestCount[client] = 0;
SendCount[client] = 0;
}

public Action OnFileSend(int client, const char[] sFile)
{
if(InLevel[client])
{
RequestCount[client]++;
if(RequestCount[client] > MAX_FILES_ALLOWED_WHILE_ACTIVE_PER_MAP)
{
if(!IsClientInKickQueue(client))
KickClient(client, "ServerCrashExploitAttempt.");

return Plugin_Stop;
}
}

return Plugin_Continue;
}

public Action OnFileReceive(int client, const char[] sFile)
{
SendCount[client]++;

if(SendCount[client] > MAX_FILES_ALLOWED_UPLOAD)
{
if(!IsClientInKickQueue(client))
KickClient(client, "ServerCrashExploitAttempt.");
}
}
1 change: 1 addition & 0 deletions cfg/generalfixes.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,7 @@ sm plugins load fixes/weapon_spawn_duplicate_fix.smx
sm plugins load fixes/l4d_fix_common_shove.smx
sm plugins load fixes/l4d2_tank_flying_incap.smx
sm plugins load fixes/l4d2_tank_spawn_antirock_protect.smx
sm plugins load fixes/SendFileExploitFixV3.3.smx

// Anti-Cheat.
sm plugins load anticheat/l4d2_noghostcheat.smx
Expand Down

0 comments on commit c0c19b2

Please sign in to comment.