From 11ca40cf88f0ab65584c01771f5c933d6b282aef Mon Sep 17 00:00:00 2001 From: glx Date: Mon, 21 Jul 2008 15:50:55 +0000 Subject: (svn r13775) -Codechange: enforce the validity of a NetworkAction (chat packet) issued by a client --- src/network/network_server.cpp | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'src/network') diff --git a/src/network/network_server.cpp b/src/network/network_server.cpp index f85e15f29..1aca596d9 100644 --- a/src/network/network_server.cpp +++ b/src/network/network_server.cpp @@ -1166,7 +1166,21 @@ DEF_SERVER_RECEIVE_COMMAND(PACKET_CLIENT_CHAT) p->Recv_string(msg, MAX_TEXT_MSG_LEN); - NetworkServerSendChat(action, desttype, dest, msg, cs->index); + const NetworkClientInfo *ci = DEREF_CLIENT_INFO(cs); + switch (action) { + case NETWORK_ACTION_GIVE_MONEY: + if (!IsValidPlayerID(ci->client_playas)) break; + /* Fall-through */ + case NETWORK_ACTION_CHAT: + case NETWORK_ACTION_CHAT_CLIENT: + case NETWORK_ACTION_CHAT_COMPANY: + NetworkServerSendChat(action, desttype, dest, msg, cs->index); + break; + default: + IConsolePrintF(CC_ERROR, "WARNING: invalid chat action from client %d (IP: %s).", ci->client_index, GetPlayerIP(ci)); + SEND_COMMAND(PACKET_SERVER_ERROR)(cs, NETWORK_ERROR_NOT_EXPECTED); + break; + } } DEF_SERVER_RECEIVE_COMMAND(PACKET_CLIENT_SET_PASSWORD) -- cgit v1.2.3-70-g09d2