From 11ca40cf88f0ab65584c01771f5c933d6b282aef Mon Sep 17 00:00:00 2001
From: glx <glx@openttd.org>
Date: Mon, 21 Jul 2008 15:50:55 +0000
Subject: (svn r13775) -Codechange: enforce the validity of a NetworkAction
 (chat packet) issued by a client

---
 src/network/network_server.cpp | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 'src/network')

diff --git a/src/network/network_server.cpp b/src/network/network_server.cpp
index f85e15f29..1aca596d9 100644
--- a/src/network/network_server.cpp
+++ b/src/network/network_server.cpp
@@ -1166,7 +1166,21 @@ DEF_SERVER_RECEIVE_COMMAND(PACKET_CLIENT_CHAT)
 
 	p->Recv_string(msg, MAX_TEXT_MSG_LEN);
 
-	NetworkServerSendChat(action, desttype, dest, msg, cs->index);
+	const NetworkClientInfo *ci = DEREF_CLIENT_INFO(cs);
+	switch (action) {
+		case NETWORK_ACTION_GIVE_MONEY:
+			if (!IsValidPlayerID(ci->client_playas)) break;
+			/* Fall-through */
+		case NETWORK_ACTION_CHAT:
+		case NETWORK_ACTION_CHAT_CLIENT:
+		case NETWORK_ACTION_CHAT_COMPANY:
+			NetworkServerSendChat(action, desttype, dest, msg, cs->index);
+			break;
+		default:
+			IConsolePrintF(CC_ERROR, "WARNING: invalid chat action from client %d (IP: %s).", ci->client_index, GetPlayerIP(ci));
+			SEND_COMMAND(PACKET_SERVER_ERROR)(cs, NETWORK_ERROR_NOT_EXPECTED);
+			break;
+	}
 }
 
 DEF_SERVER_RECEIVE_COMMAND(PACKET_CLIENT_SET_PASSWORD)
-- 
cgit v1.2.3-54-g00ecf