From 537bd8a429a930a66c171ba6e6760352a99c2915 Mon Sep 17 00:00:00 2001
From: rubidium <rubidium@openttd.org>
Date: Tue, 8 Feb 2011 21:45:38 +0000
Subject: (svn r22031) -Fix: bad servers could crash a client

---
 src/network/network_client.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/network/network_client.cpp')

diff --git a/src/network/network_client.cpp b/src/network/network_client.cpp
index 658d3a0e8..2d75353df 100644
--- a/src/network/network_client.cpp
+++ b/src/network/network_client.cpp
@@ -568,6 +568,13 @@ DEF_GAME_RECEIVE_COMMAND(Client, PACKET_SERVER_CLIENT_INFO)
 		return NETWORK_RECV_STATUS_OKAY;
 	}
 
+	/* There are at most as many ClientInfo as ClientSocket objects in a
+	 * server. Having more Infos than a server can have means something
+	 * has gone wrong somewhere, i.e. the server has more Infos than it
+	 * has actual clients. That means the server is feeding us an invalid
+	 * state. So, bail out! This server is broken. */
+	if (!NetworkClientInfo::CanAllocateItem()) return NETWORK_RECV_STATUS_MALFORMED_PACKET;
+
 	/* We don't have this client_id yet, find an empty client_id, and put the data there */
 	ci = new NetworkClientInfo(client_id);
 	ci->client_playas = playas;
-- 
cgit v1.2.3-54-g00ecf