====================================================================================
#
# this file has been created for the Lame patcher program available for both *nix
# and Windows platforms.
# You need this program for continuing the patching of your files:
#
# http://aluigi.org/mytoolz.htm#lpatch
#
# Quick step-by-step for Windows:
# - launch lpatch.exe
# - select this cod4mapboffix.lpatch file
# - read the message windows and click yes
# - select the file (usually executables or dlls) to patch
# - read the message windows to know if everything has been patched correctly
# - test your game

TITLE
    Call of Duty 4 1.7 fix for the callvote buffer-overflow 0.1 (Windows)
    by Luigi Auriemma
    e-mail: aluigi@autistici.org
    web: aluigi.org

INTRO
    This unofficial patch for Call of Duty 4 is able to fix the following bug:
    .
    . http://aluigi.org/adv/cod4vamap-adv.txt
    .
    If you are unsure if your server is vulnerable please use the proof-of-concept provided there.
    .
    The solution I have adopted for this bug is the limiting of the length of the input map name to max 63 chars (using the AND instruction)
    .
    The patch is available only for the latest releases of Call of Duty 4 (1.7) for Windows, older versions will be NOT supported by me so don't ask.

FILE
    iw3mp.exe

ONLY_ONE

BYTES_ORIGINAL
    8B C7       ; MOV EAX,EDI
    8D 50 01    ; LEA EDX,DWORD PTR DS:[EAX+1]
    8A 08       ; MOV CL,BYTE PTR DS:[EAX]
    83 C0 01    ; ADD EAX,1
    84 C9       ; TEST CL,CL
    75 F7       ; JNZ SHORT iw3mp.00504B94
    2B C2       ; SUB EAX,EDX
    8B F0       ; MOV ESI,EAX

BYTES_PATCH
    8B F7       ; MOV ESI,EDI
    8D 56 01    ; LEA EDX,DWORD PTR DS:[ESI+1]
    8A 0E       ; MOV CL,BYTE PTR DS:[ESI]
    46          ; INC ESI
    84 C9       ; TEST CL,CL
    75 F9       ; JNZ SHORT iw3mp.00504B94
    2B F2       ; SUB ESI,EDX
    83 E6 3F    ; AND ESI,3F
    90          ; NOP
====================================================================================
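
Review bot: AND ESI,3F at the end of BYTES_PATCH masks the counted length rather than capping it, so ESI never exceeds 63 but wraps for longer names (a 64-character name yields 0, a 100-character name yields 36) instead of becoming 63. The INTRO should state that the length is taken modulo 64, or the sequence should cap with a compare if the code that follows needs the first 63 characters. Also, BYTES_ORIGINAL ends with the length in both EAX and ESI (SUB EAX,EDX then MOV ESI,EAX), while the patched sequence never writes EAX, so it is worth confirming that nothing after this sequence reads EAX as the length. The byte counts match (18 and 18), and the JNZ displacement change from F7 to F9 keeps the loop target on the MOV CL load, which is correct for the shorter INC ESI.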