From 24a60b77ece2fabd866d0a6f4e3ecda3f2d52ea2 Mon Sep 17 00:00:00 2001
From: smatz <smatz@openttd.org>
Date: Sun, 11 Apr 2010 22:06:17 +0000
Subject: (svn r19613) -Fix [FS#3755]: possible invalid read when server moves
 client to spectators before he finishes joining

---
 src/network/network_server.cpp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'src/network')

diff --git a/src/network/network_server.cpp b/src/network/network_server.cpp
index 4eb180244..a3cd53954 100644
--- a/src/network/network_server.cpp
+++ b/src/network/network_server.cpp
@@ -779,10 +779,12 @@ DEF_SERVER_RECEIVE_COMMAND(PACKET_CLIENT_COMPANY_PASSWORD)
 	char password[NETWORK_PASSWORD_LENGTH];
 	p->Recv_string(password, sizeof(password));
 
-	/* Check company password. Allow joining if we cleared the password meanwhile */
-	const NetworkClientInfo *ci = cs->GetInfo();
-	if (!StrEmpty(_network_company_states[ci->client_playas].password) &&
-			strcmp(password, _network_company_states[ci->client_playas].password) != 0) {
+	/* Check company password. Allow joining if we cleared the password meanwhile.
+	 * Also, check the company is still valid - client could be moved to spectators
+	 * in the middle of the authorization process */
+	CompanyID playas = cs->GetInfo()->client_playas;
+	if (Company::IsValidID(playas) && !StrEmpty(_network_company_states[playas].password) &&
+			strcmp(password, _network_company_states[playas].password) != 0) {
 		/* Password is invalid */
 		return SEND_COMMAND(PACKET_SERVER_ERROR)(cs, NETWORK_ERROR_WRONG_PASSWORD);
 	}
-- 
cgit v1.2.3-54-g00ecf