(svn r1376) fixed an issue where a modified client could try to replace a vehicle to an invalid engine ID and crash the server. Now the server just rejects the request. Also added a check for vehicle ownership, so you should not be able to replace other player's vehicles

author: bjarni <bjarni@openttd.org> 2005-01-04 17:54:16 +0000
committer: bjarni <bjarni@openttd.org> 2005-01-04 17:54:16 +0000
commit: 29d2f6ed6c35a4f15feb4fec0bbb1d63a52ba051 (patch)
tree: a350ce7588c18a22209ac2fddbcc7e41ff7e0225
parent: 6edb21231e264cd52dc98a2a765330cac4b7cdf4 (diff)
download: openttd-29d2f6ed6c35a4f15feb4fec0bbb1d63a52ba051.tar.xz
1 files changed, 10 insertions, 0 deletions
diff --git a/vehicle.c b/vehicle.c
index 7ff4ba787..5fb97df38 100644
--- a/vehicle.c
+++ b/vehicle.c
@@ -1415,8 +1415,18 @@ int32 CmdReplaceVehicle(int x, int y, uint32 flags, uint32 p1, uint32 p2)
 
 	SET_EXPENSES_TYPE(EXPENSES_NEW_VEHICLES);
 	
+	
+	// first we make sure that it's a valid type the user requested
+	// check that it's an engine that is in the engine array
+	if (new_engine_type >= TOTAL_NUM_ENGINES ) return CMD_ERROR;
+	
+	// check that the new vehicle type is the same as the original one
 	if (v->type != _engines[new_engine_type].type) return CMD_ERROR;
 
+	// check that it's the vehicle's owner that requested the replace
+	if (!CheckOwnership(v->owner)) return CMD_ERROR;
+
+
 	switch (v->type) {
 		case VEH_Train:    build_cost = EstimateTrainCost(RailVehInfo(new_engine_type)); break;
 		case VEH_Road:     build_cost = EstimateRoadVehCost(new_engine_type);            break;
author	bjarni <bjarni@openttd.org>	2005-01-04 17:54:16 +0000
committer	bjarni <bjarni@openttd.org>	2005-01-04 17:54:16 +0000
commit	29d2f6ed6c35a4f15feb4fec0bbb1d63a52ba051 (patch)
tree	a350ce7588c18a22209ac2fddbcc7e41ff7e0225
parent	6edb21231e264cd52dc98a2a765330cac4b7cdf4 (diff)
download	openttd-29d2f6ed6c35a4f15feb4fec0bbb1d63a52ba051.tar.xz