diff options
author | truelight <truelight@openttd.org> | 2004-12-16 11:35:08 +0000 |
---|---|---|
committer | truelight <truelight@openttd.org> | 2004-12-16 11:35:08 +0000 |
commit | 523ba1ff50dfaee79036c03d83ee6d64475cbd37 (patch) | |
tree | d6750d8fa87e388f7c0f32fe01251851514fd9c6 | |
parent | 693d074d76cca949cd884d68050c764994be0ddb (diff) | |
download | openttd-523ba1ff50dfaee79036c03d83ee6d64475cbd37.tar.xz |
(svn r1127) -Fix: [Network] Protect the network against an illegal PLAYER_CTRL (in
which a modified client could, for example, delete a random active company)
-rw-r--r-- | network_server.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/network_server.c b/network_server.c index 29402bf4f..c6f655d7b 100644 --- a/network_server.c +++ b/network_server.c @@ -775,14 +775,21 @@ DEF_SERVER_RECEIVE_COMMAND(PACKET_CLIENT_COMMAND) ci = DEREF_CLIENT_INFO(cs); // Only CMD_PLAYER_CTRL is always allowed, for the rest, playas needs // to match the player in the packet - if (cp->cmd != CMD_PLAYER_CTRL && ci->client_playas-1 != cp->player) { + if (!(cp->cmd == CMD_PLAYER_CTRL && cp->p1 == 0) && ci->client_playas-1 != cp->player) { // The player did a command with the wrong player_id.. bad!! SEND_COMMAND(PACKET_SERVER_ERROR)(cs, NETWORK_ERROR_PLAYER_MISMATCH); return; } if (cp->cmd == CMD_PLAYER_CTRL) { - // UGLY! p2 is mis-used to get the client-id in CmdPlayerCtrl - cp->p2 = cs - _clients; + if (cp->p1 == 0) + // UGLY! p2 is mis-used to get the client-id in CmdPlayerCtrl + cp->p2 = cs - _clients; + else { + /* We do NOT allow any client to send any PLAYER_CTRL packet.. + (they can delete random players with it if they like */ + SEND_COMMAND(PACKET_SERVER_ERROR)(cs, NETWORK_ERROR_PLAYER_MISMATCH); + return; + } } |