summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorrubidium <rubidium@openttd.org>2011-02-08 21:45:38 +0000
committerrubidium <rubidium@openttd.org>2011-02-08 21:45:38 +0000
commit537bd8a429a930a66c171ba6e6760352a99c2915 (patch)
tree48fa918801d6bf549a72cd0eb7f4ba3e7b69c17d
parent5f7439a00f28af72edafe4577fa7755b6969ca67 (diff)
downloadopenttd-537bd8a429a930a66c171ba6e6760352a99c2915.tar.xz
(svn r22031) -Fix: bad servers could crash a client
-rw-r--r--src/network/network_client.cpp7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/network/network_client.cpp b/src/network/network_client.cpp
index 658d3a0e8..2d75353df 100644
--- a/src/network/network_client.cpp
+++ b/src/network/network_client.cpp
@@ -568,6 +568,13 @@ DEF_GAME_RECEIVE_COMMAND(Client, PACKET_SERVER_CLIENT_INFO)
return NETWORK_RECV_STATUS_OKAY;
}
+ /* There are at most as many ClientInfo as ClientSocket objects in a
+ * server. Having more Infos than a server can have means something
+ * has gone wrong somewhere, i.e. the server has more Infos than it
+ * has actual clients. That means the server is feeding us an invalid
+ * state. So, bail out! This server is broken. */
+ if (!NetworkClientInfo::CanAllocateItem()) return NETWORK_RECV_STATUS_MALFORMED_PACKET;
+
/* We don't have this client_id yet, find an empty client_id, and put the data there */
ci = new NetworkClientInfo(client_id);
ci->client_playas = playas;