From 522d6b590c961d107ed0f03ec83c7d32e9181c91 Mon Sep 17 00:00:00 2001 From: bjarni Date: Tue, 4 Jan 2005 17:54:16 +0000 Subject: (svn r1376) fixed an issue where a modified client could try to replace a vehicle to an invalid engine ID and crash the server. Now the server just rejects the request. Also added a check for vehicle ownership, so you should not be able to replace other player's vehicles --- vehicle.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/vehicle.c b/vehicle.c index 7ff4ba787..5fb97df38 100644 --- a/vehicle.c +++ b/vehicle.c @@ -1415,8 +1415,18 @@ int32 CmdReplaceVehicle(int x, int y, uint32 flags, uint32 p1, uint32 p2) SET_EXPENSES_TYPE(EXPENSES_NEW_VEHICLES); + + // first we make sure that it's a valid type the user requested + // check that it's an engine that is in the engine array + if (new_engine_type >= TOTAL_NUM_ENGINES ) return CMD_ERROR; + + // check that the new vehicle type is the same as the original one if (v->type != _engines[new_engine_type].type) return CMD_ERROR; + // check that it's the vehicle's owner that requested the replace + if (!CheckOwnership(v->owner)) return CMD_ERROR; + + switch (v->type) { case VEH_Train: build_cost = EstimateTrainCost(RailVehInfo(new_engine_type)); break; case VEH_Road: build_cost = EstimateRoadVehCost(new_engine_type); break; -- cgit v1.2.3-70-g09d2