It's not forbidden to mix diffent programming languages, I am sure they also use Assembler codes. The problem can also occur in C++, because they trust the client that it sends a valid string, but it can send anything.
> Thats not right ;) > > The programming language is the problem in this case. Why should i write > my code with functions that shouldnt be used with C++? > C++ works with the stdlib, which means streams. Not C stuff. So its > finally up to Valve to write programs which follows C++ standards not C. > You cant trust your users as programmer. Its up to us, to make the > source safe, and if the projecttime needs 2 weeks more, you should spend > the time. > > > Ronny Schedel schrieb: >> The problem is not the programming language, the problem is that Valve >> trust >> their game clients too much. >> >> >> >>> Well, >>> >>> Valve should start coding c++ with steams ;) >>> Who works with printfs today? >>> >>> I hope Valve will fix the whole source to prevent overflows. >>> C++ is you friend, not old C stuff... >>> >>> Best regards, >>> Stefan Popp >>> >>> >>> Claudio Beretta schrieb: >>> >>>> Thanks, anyone knows if a workaround is available? >>>> >>>> BTW: aren't "security researchers" supposed to contact the developers >>>> before >>>> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a >>>> few >>>> weeks -.- >>>> >>>> >>>> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes <mrh9...@lanaddict.com> >>>> wrote: >>>> >>>> >>>> >>>>> A friend forwarded me this info regarding a vulnerability. I am >>>>> unable >>>>> to >>>>> test this at the moment, but it does look like it is possible. >>>>> Thought >>>>> I >>>>> would get this out to the community before others start using this to >>>>> cause >>>>> havoc. >>>>> >>>>> http://www.vupen.com/english/advisories/2009/2296 >>>>> http://aluigi.altervista.org/adv/sourcefs-adv.txt >>>>> >>>>> Morgan Humes >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>> please visit: >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>>> >>>>> >>>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>> >>>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>> >>> >> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux