From 666fbb28c273ab94ac854b7cdda22c0881a24dba Mon Sep 17 00:00:00 2001
From: smatz <smatz@openttd.org>
Date: Sat, 1 Jan 2011 17:02:29 +0000
Subject: (svn r21687) -Fix: verify the colour code we received from the server
 is valid

---
 src/console_type.h             | 6 ++++++
 src/network/network_client.cpp | 7 ++++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/console_type.h b/src/console_type.h
index f8fec98d2..4e08326af 100644
--- a/src/console_type.h
+++ b/src/console_type.h
@@ -30,4 +30,10 @@ enum ConsoleColour {
 	CC_WHITE   = 12,
 };
 
+static inline bool IsValidConsoleColour(uint c)
+{
+	return c == CC_DEFAULT || c == CC_ERROR || c == CC_WARNING || c == CC_INFO ||
+			c == CC_DEBUG || c == CC_COMMAND || c == CC_WHITE;
+}
+
 #endif /* CONSOLE_TYPE_H */
diff --git a/src/network/network_client.cpp b/src/network/network_client.cpp
index a0a828a37..fbc5809df 100644
--- a/src/network/network_client.cpp
+++ b/src/network/network_client.cpp
@@ -1067,12 +1067,13 @@ DEF_GAME_RECEIVE_COMMAND(Client, PACKET_SERVER_RCON)
 {
 	if (this->status < STATUS_AUTHORIZED) return NETWORK_RECV_STATUS_MALFORMED_PACKET;
 
-	char rcon_out[NETWORK_RCONCOMMAND_LENGTH];
+	uint colour_code = p->Recv_uint16();
+	if (!IsValidConsoleColour(colour_code)) return NETWORK_RECV_STATUS_MALFORMED_PACKET;
 
-	ConsoleColour colour_code = (ConsoleColour)p->Recv_uint16();
+	char rcon_out[NETWORK_RCONCOMMAND_LENGTH];
 	p->Recv_string(rcon_out, sizeof(rcon_out));
 
-	IConsolePrint(colour_code, rcon_out);
+	IConsolePrint((ConsoleColour)colour_code, rcon_out);
 
 	return NETWORK_RECV_STATUS_OKAY;
 }
-- 
cgit v1.2.3-54-g00ecf