summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortruelight <truelight@openttd.org>2004-12-16 11:35:08 +0000
committertruelight <truelight@openttd.org>2004-12-16 11:35:08 +0000
commit523ba1ff50dfaee79036c03d83ee6d64475cbd37 (patch)
treed6750d8fa87e388f7c0f32fe01251851514fd9c6
parent693d074d76cca949cd884d68050c764994be0ddb (diff)
downloadopenttd-523ba1ff50dfaee79036c03d83ee6d64475cbd37.tar.xz
(svn r1127) -Fix: [Network] Protect the network against an illegal PLAYER_CTRL (in
which a modified client could, for example, delete a random active company)
-rw-r--r--network_server.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/network_server.c b/network_server.c
index 29402bf4f..c6f655d7b 100644
--- a/network_server.c
+++ b/network_server.c
@@ -775,14 +775,21 @@ DEF_SERVER_RECEIVE_COMMAND(PACKET_CLIENT_COMMAND)
ci = DEREF_CLIENT_INFO(cs);
// Only CMD_PLAYER_CTRL is always allowed, for the rest, playas needs
// to match the player in the packet
- if (cp->cmd != CMD_PLAYER_CTRL && ci->client_playas-1 != cp->player) {
+ if (!(cp->cmd == CMD_PLAYER_CTRL && cp->p1 == 0) && ci->client_playas-1 != cp->player) {
// The player did a command with the wrong player_id.. bad!!
SEND_COMMAND(PACKET_SERVER_ERROR)(cs, NETWORK_ERROR_PLAYER_MISMATCH);
return;
}
if (cp->cmd == CMD_PLAYER_CTRL) {
- // UGLY! p2 is mis-used to get the client-id in CmdPlayerCtrl
- cp->p2 = cs - _clients;
+ if (cp->p1 == 0)
+ // UGLY! p2 is mis-used to get the client-id in CmdPlayerCtrl
+ cp->p2 = cs - _clients;
+ else {
+ /* We do NOT allow any client to send any PLAYER_CTRL packet..
+ (they can delete random players with it if they like */
+ SEND_COMMAND(PACKET_SERVER_ERROR)(cs, NETWORK_ERROR_PLAYER_MISMATCH);
+ return;
+ }
}