
ReadMe to the SecureValidate package

*** What is this thing?
*** How to install it?




*** What is this thing?

Well, as some of you have heard (and I assume all of you have, or you
wouldn't have downloaded this package), a new vulnerability in the Unreal
engine has been discovered. Luigi Auriemma, the same guy who discovered
several previous issues that led to UT440 and UT451, announced a new bug
he discovered. It's quite a simple bug, and with it it is also quite simple
to crash lots of Unreal servers by sending a single UDP packet.

You can read more information about this security issue here:
http://aluigi.altervista.org/adv/unsecure-adv.txt

This package implements the solution mentioned there, at least for the most
urgent part.



The Validate function is used only three times in standard UT. This package
implements two classes that extend the two classes containing two of those
calls; they check the parameters before letting the original (faulty) class
handle them.

These two classes are overridden:
IpServer.u
  UdpServerUplink extends UdpLink 
    function string ParseQuery( IpAddr Addr, coerce string QueryStr, ...

  UdpServerQuery extends UdpLink
    function string ParseQuery( IpAddr Addr, coerce string Query, ...

UdpServerUplink is used to register the server in the global server list
by frequently sending UDP packets. While the master server doesn't seem to
send any packets, it is able to, and received packets are parsed. So if
someone hacks one of the master servers or their DNS, they may be able to
send these UDP packets. And because it is UDP, other people can also send
UDP packets with the faked IP and port of the master servers to crash the
server.

UdpServerQuery is used to send information about the server to any querying
client. This may be UnrealTournament or any tool to query servers out there,
and of course also a bad person trying to hack your server.
Some mods or add-ons (older versions of Pure (< 6E); some versions of MapVote?)
may replace the default handler class. So you have to decide whether you want
their additional functionality/protection or that of this class.



This class is _not_ reimplemented:
UBrowser.u
  UBrowserGSpyLink (InternetInfo <- InternetLink <- TcpLink <- UBrowserBufferedTcpLink)
    function GotMatch(int MatchData)

UBrowserGSpyLink is used to receive the global server list from one of the
master servers. As this implies, it is client functionality, not server
functionality. Also this is TCP, meaning it is quite complicated to insert
packets with a faked IP; it is also not a permanent connection, generally
used for only a few seconds. So unless someone hacks one of the master
servers or their DNS, this can't be used to hack the server or client.
Also, the name of this class is hard-coded in its factory class
UBrowserGSpyFact and reimplemented, for instance, in the RocketArena-Mod.





*** How to install it?

You have to copy both files SecureValidate.u and SecureValidate.int into the
system directory of UT. Now we'll start a little UnrealTournament.ini-changing 
spree:

You have to change four lines in the section Engine.GameEngine. Here is the
original code (of course you might use another cache size):

[Engine.GameEngine]
CacheSizeMegs=4
UseSound=True
ServerActors=IpDrv.UdpBeacon
ServerActors=IpServer.UdpServerQuery
ServerActors=IpServer.UdpServerUplink MasterServerAddress=unreal.epicgames.com MasterServerPort=27900
ServerActors=IpServer.UdpServerUplink MasterServerAddress=master0.gamespy.com MasterServerPort=27900
ServerActors=IpServer.UdpServerUplink MasterServerAddress=master.mplayer.com MasterServerPort=27900

Now the new lines:

[Engine.GameEngine]
CacheSizeMegs=128
UseSound=True
ServerActors=IpDrv.UdpBeacon
ServerActors=SecureValidate.SVUdpServerQuery
ServerActors=SecureValidate.SVUdpServerUplink MasterServerAddress=unreal.epicgames.com MasterServerPort=27900
ServerActors=SecureValidate.SVUdpServerUplink MasterServerAddress=master0.gamespy.com MasterServerPort=27900
ServerActors=SecureValidate.SVUdpServerUplink MasterServerAddress=master.mplayer.com MasterServerPort=27900

As you see, you simply have to replace IpServer. with SecureValidate.SV four
times. This will result in using the new classes instead of the old ones.

Also you have to create a renamed copy of the following section:

[IpServer.UdpServerQuery]
GameName=ut

Copy and/or rename this section to (this may be optional):

[SecureValidate.SVUdpServerQuery]
GameName=ut

Likewise you could copy/rename the section

[IpServer.UdpServerUplink]

to

[SecureValidate.SVUdpServerUplink]



That's installing. No further configuration, beyond what the original
classes need, is required.
This is a server-side only package; no client has to load it or
have it installed.
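
The ini changes above can also be applied and checked with a short Python
script. This is an added example, not part of the SecureValidate package and
not written by its author; the function names patch_ini and unpatched_actors
and the sample text are constructed for illustration.

```python
import re

# Original IpServer classes -> SecureValidate wrappers, as named in this README.
REPLACEMENTS = {
    "ipserver.udpserverquery": "SecureValidate.SVUdpServerQuery",
    "ipserver.udpserveruplink": "SecureValidate.SVUdpServerUplink",
}
ACTOR_RE = re.compile(r"^(\s*ServerActors\s*=\s*)(\S+)(.*)$", re.IGNORECASE)
SECTION_RE = re.compile(r"^\s*\[(.+?)\]\s*$")

def patch_ini(text):
    """Return (patched_text, changed_count). Line-based on purpose: the ini
    repeats the ServerActors key, which configparser rejects or collapses."""
    nl = "\r\n" if "\r\n" in text else "\n"   # keep the file's line endings
    out, sections, current, changed = [], {}, None, 0
    for line in text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            actor = ACTOR_RE.match(line)
            new = actor and REPLACEMENTS.get(actor.group(2).lower())
            if new and current == "engine.gameengine":
                line = actor.group(1) + new + actor.group(3)
                changed += 1
            if line.strip():
                sections[current].append(line)
        out.append(line)
    # Copy each original class's settings section under the new class name,
    # unless the file already has one (so a second run changes nothing).
    for old, new in REPLACEMENTS.items():
        if old in sections and new.lower() not in sections:
            out += ["", "[%s]" % new] + sections[old]
    return nl.join(out) + nl, changed

def unpatched_actors(text):
    """ServerActors values that still load an original IpServer class."""
    hits = (ACTOR_RE.match(l) for l in text.splitlines())
    return [m.group(2) for m in hits if m and m.group(2).lower() in REPLACEMENTS]

# Constructed sample, modelled on the stock section shown in this README.
SAMPLE = """[Engine.GameEngine]
ServerActors=IpDrv.UdpBeacon
ServerActors=IpServer.UdpServerQuery
ServerActors=IpServer.UdpServerUplink MasterServerAddress=unreal.epicgames.com MasterServerPort=27900

[IpServer.UdpServerQuery]
GameName=ut
"""
```

Running unpatched_actors over the live UnrealTournament.ini after installing
a mod shows whether that mod has put one of the original classes back.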









I hope everything works fine, ... it's really a quite simple package, so
it should. 


Happy fragging, 
JustDoIt 
-- 
#loki.ut on irc.quakenet.org 
