Posts

Showing posts from May, 2020

DoSing a Public NetHack Server

What AFL found During fuzzing (as described here ), AFL reported a hang on this .nethackrc line: MENUCOLOR=0+++++++++++++++++++++++++++++++++++++++++=blue This line is saying that if a menu item matches the regular expression (in this case, one or more ‘0’ characters), then that line should be colored blue in the UI. Only one ‘+’ character is needed to express this, but if you string many ‘+’ characters together, NetHack will hang. I was also able to reproduce the hang with MSGTYPE and AUTOPICKUP_EXCEPTION lines. So why does it hang? NetHack 3.6/3.7 has a pluggable API for regular expression engines in sys/share . Three implementations of this API are included in the source: posixregex.c – Uses the POSIX API from /usr/include/regex.h , which is implemented via the platform’s libc. This is the default on Unix. cppregex.cpp – Uses the C++ standard library available in <regex> , which is implemented via the platform’s libc++. This the default on Windows. Obviously,