Add: [Network] Validate the client name when receiving one from the server

This so names from other clients are known valid in the client as well, instead allowing some compromised/bad server to potentially crash clients upon certain expectations.
author: rubidium42 <rubidium@openttd.org> 2021-04-23 19:27:48 +0200
committer: rubidium42 <rubidium42@users.noreply.github.com> 2021-04-24 08:02:54 +0200
commit: 2999d301adade21ddd253b5d765bb8468e39f224 (patch)
tree: 284feeeca11a698d036c1cef0ee68de41c9ea2b1
parent: e1cebe0ea0719ad408a0a7494efe1d8581b702ce (diff)
download: openttd-2999d301adade21ddd253b5d765bb8468e39f224.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/network/network_client.cpp b/src/network/network_client.cpp
index b234880d7..72f69f99f 100644
--- a/src/network/network_client.cpp
+++ b/src/network/network_client.cpp
@@ -623,6 +623,10 @@ NetworkRecvStatus ClientNetworkGameSocketHandler::Receive_SERVER_CLIENT_INFO(Pac
 
 	if (this->status < STATUS_AUTHORIZED) return NETWORK_RECV_STATUS_MALFORMED_PACKET;
 	if (this->HasClientQuit()) return NETWORK_RECV_STATUS_CONN_LOST;
+	/* The server validates the name when receiving it from clients, so when it is wrong
+	 * here something went really wrong. In the best case the packet got malformed on its
+	 * way too us, in the worst case the server is broken or compromised. */
+	if (!NetworkIsValidClientName(name)) return NETWORK_RECV_STATUS_MALFORMED_PACKET;
 
 	ci = NetworkClientInfo::GetByClientID(client_id);
 	if (ci != nullptr) {
author	rubidium42 <rubidium@openttd.org>	2021-04-23 19:27:48 +0200
committer	rubidium42 <rubidium42@users.noreply.github.com>	2021-04-24 08:02:54 +0200
commit	2999d301adade21ddd253b5d765bb8468e39f224 (patch)
tree	284feeeca11a698d036c1cef0ee68de41c9ea2b1
parent	e1cebe0ea0719ad408a0a7494efe1d8581b702ce (diff)
download	openttd-2999d301adade21ddd253b5d765bb8468e39f224.tar.xz