From 73c0cc5203ee748b4b38046ae7a53e4aa138cdd2 Mon Sep 17 00:00:00 2001
From: bjarni
Date: Sun, 30 Jan 2005 20:50:06 +0000
Subject: (svn r1741) - Fix: added IsVehicleIndex() so it's possible to protect GetVehicle() from reading an invalid vehicle index - Fix: added check for v->type in some commands, which expects v to be a specific type Checks like this is needed to protect network servers from people, who hack their clients to either cheat or crash the server NOTE: if I made a mistake here it can make a function unreachable when it should be used. Here is one place to look if something weird happens
---
 roadveh_cmd.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
(limited to 'roadveh_cmd.c')
diff --git a/roadveh_cmd.c b/roadveh_cmd.c
index 1ad6d7104..21b28c41a 100644
--- a/roadveh_cmd.c
+++ b/roadveh_cmd.c
@@ -209,6 +209,8 @@ int32 CmdStartStopRoadVeh(int x, int y, uint32 flags, uint32 p1, uint32 p2)
 {
 Vehicle *v;
+ if (!IsVehicleIndex(p1)) return CMD_ERROR;
+
 v = GetVehicle(p1);
 if (v->type != VEH_Road || !CheckOwnership(v->owner))
@@ -229,13 +231,15 @@ int32 CmdSellRoadVeh(int x, int y, uint32 flags, uint32 p1, uint32 p2)
 {
 Vehicle *v;
- SET_EXPENSES_TYPE(EXPENSES_NEW_VEHICLES);
+ if (!IsVehicleIndex(p1)) return CMD_ERROR;
 v = GetVehicle(p1);
 if (v->type != VEH_Road || !CheckOwnership(v->owner))
 return CMD_ERROR;
+ SET_EXPENSES_TYPE(EXPENSES_NEW_VEHICLES);
+
 if (!IsRoadDepotTile(v->tile) || v->u.road.state != 254 || !(v->vehstatus&VS_STOPPED))
 return_cmd_error(STR_9013_MUST_BE_STOPPED_INSIDE);
@@ -307,9 +311,13 @@ static int FindClosestRoadDepot(Vehicle *v)
 bit 2 = clear v->set_for_replacement */
 int32 CmdSendRoadVehToDepot(int x, int y, uint32 flags, uint32 p1, uint32 p2)
 {
- Vehicle *v = GetVehicle(p1);
+ Vehicle *v;
 int depot;
+ if (!IsVehicleIndex(p1)) return CMD_ERROR;
+
+ v = GetVehicle(p1);
+
 if (v->type != VEH_Road || !CheckOwnership(v->owner))
 return CMD_ERROR;
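Review bot: The same three-step guard (`IsVehicleIndex(p1)`, `v->type != VEH_Road`, `CheckOwnership(v->owner)`) is now hand-copied into CmdStartStopRoadVeh and, in the later hunks, into CmdSellRoadVeh, CmdSendRoadVehToDepot, CmdTurnRoadVeh and CmdChangeRoadVehServiceInt, so a handler added later that omits the first line would again hand an unchecked client-supplied p1 to GetVehicle(). Folding the guard into one file-local helper makes the validated lookup the only way a road-vehicle command obtains its Vehicle, and each handler shrinks to `v = GetOwnedRoadVeh(p1); if (v == NULL) return CMD_ERROR;`. The helper name is only a suggestion, and the approach assumes IsVehicleIndex() bounds every index GetVehicle() can dereference, which is defined outside this file. All five function bodies continue beyond their hunks.

```c
/* Suggested helper (name is illustrative): look up a road vehicle from a
 * client-supplied index. Returns NULL when the index is out of range, the
 * slot is not a road vehicle, or the current player does not own it. */
static Vehicle *GetOwnedRoadVeh(uint32 index)
{
	Vehicle *v;

	if (!IsVehicleIndex(index)) return NULL;

	v = GetVehicle(index);
	if (v->type != VEH_Road || !CheckOwnership(v->owner)) return NULL;

	return v;
}

/* … unchanged: command handlers, each starting with the two-line lookup quoted in the note … */
```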
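Review bot: The move of `SET_EXPENSES_TYPE(EXPENSES_NEW_VEHICLES)` below the index, type and owner checks in CmdSellRoadVeh is not mentioned in the commit message and carries no comment, so a later cleanup could hoist it back to the top of the function. A one-line comment above it would record the intent, for example `/* set the expense category only after p1 has been validated, so a rejected command changes nothing */`. Whether anything reads the expense category after a CMD_ERROR return is not visible here, so the wording should be confirmed against the callers. The function body continues outside the hunk.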
@@ -348,6 +356,8 @@ int32 CmdTurnRoadVeh(int x, int y, uint32 flags, uint32 p1, uint32 p2)
 {
 Vehicle *v;
+ if (!IsVehicleIndex(p1)) return CMD_ERROR;
+
 v = GetVehicle(p1);
 if (v->type != VEH_Road || !CheckOwnership(v->owner))
@@ -373,6 +383,8 @@ int32 CmdChangeRoadVehServiceInt(int x, int y, uint32 flags, uint32 p1, uint32 p
 {
 Vehicle *v;
+ if (!IsVehicleIndex(p1)) return CMD_ERROR;
+
 v = GetVehicle(p1);
 if (v->type != VEH_Road || !CheckOwnership(v->owner))
-- 
cgit v1.2.3-70-g09d2