InfoSect's Month of Pointless Bugs (#23)

InfoSect, Canberra's hackerspace, regularly runs public group sessions to perform code review and vulnerability discovery. Over the next 30 days, I'll highlight the source code of 30 unknown vulnerabilities.

Bug #23

This is another small bug in the lbreakout2 network game server. The name string may not be NUL terminated after the strncpy.

 static void parse_packet_channel( ServerUser *user, ServerChannel *channel )
    int id;
    unsigned char type;
    char name[16];
    ServerUser *recv;
    ServerGameCtx ctx;
    ServerChannel *newchannel;


                if ( strchr( name, ' ' ) ) {
                    sprintf( errbuf, _("Channel name must not contain blanks!") );
                    send_info( user, MSG_ERROR, errbuf );


Popular posts from this blog

NetBSD kernel wscons IOCTL vulnerable bug class

InfoSect's Month of Pointless Bugs (#1, #2)

InfoSect's Month of Pointless Bugs (#3)