From 8fe8765aaa93e0c992305a7a9c4b21dd9c1842c7 Mon Sep 17 00:00:00 2001 From: alberth Date: Sat, 12 Jul 2014 17:04:14 +0000 Subject: (svn r26685) -Fix: Tighten parameter bound checks on GSCargoMonitor functions, and return -1 on out-of-bound parameters. --- src/script/api/script_cargomonitor.cpp | 39 +++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 8 deletions(-) (limited to 'src/script/api/script_cargomonitor.cpp') diff --git a/src/script/api/script_cargomonitor.cpp b/src/script/api/script_cargomonitor.cpp index 4b5b85ed6..3cb9b4a8e 100644 --- a/src/script/api/script_cargomonitor.cpp +++ b/src/script/api/script_cargomonitor.cpp @@ -10,31 +10,54 @@ /** @file script_cargomonitor.cpp Code to monitor cargo pickup and deliveries by companies. */ #include "../../stdafx.h" +#include "script_cargo.hpp" #include "script_cargomonitor.hpp" +#include "../../town.h" +#include "../../industry.h" #include "../../safeguards.h" -/* static */ uint32 ScriptCargoMonitor::GetTownDeliveryAmount(ScriptCompany::CompanyID company, CargoID cargo, TownID town_id, bool keep_monitoring) +/* static */ int32 ScriptCargoMonitor::GetTownDeliveryAmount(ScriptCompany::CompanyID company, CargoID cargo, TownID town_id, bool keep_monitoring) { - CargoMonitorID monitor = EncodeCargoTownMonitor(static_cast(company), cargo, town_id); + CompanyID cid = static_cast(company); + if (cid < OWNER_BEGIN || cid >= MAX_COMPANIES) return -1; + if (!ScriptCargo::IsValidCargo(cargo)) return -1; + if (!::Town::IsValidID(town_id)) return -1; + + CargoMonitorID monitor = EncodeCargoTownMonitor(cid, cargo, town_id); return GetDeliveryAmount(monitor, keep_monitoring); } -/* static */ uint32 ScriptCargoMonitor::GetIndustryDeliveryAmount(ScriptCompany::CompanyID company, CargoID cargo, IndustryID industry_id, bool keep_monitoring) +/* static */ int32 ScriptCargoMonitor::GetIndustryDeliveryAmount(ScriptCompany::CompanyID company, CargoID cargo, IndustryID industry_id, bool keep_monitoring) { - CargoMonitorID monitor = EncodeCargoIndustryMonitor(static_cast(company), cargo, industry_id); + CompanyID cid = static_cast(company); + if (cid < OWNER_BEGIN || cid >= MAX_COMPANIES) return -1; + if (!ScriptCargo::IsValidCargo(cargo)) return -1; + if (!::Industry::IsValidID(industry_id)) return -1; + + CargoMonitorID monitor = EncodeCargoIndustryMonitor(cid, cargo, industry_id); return GetDeliveryAmount(monitor, keep_monitoring); } -/* static */ uint32 ScriptCargoMonitor::GetTownPickupAmount(ScriptCompany::CompanyID company, CargoID cargo, TownID town_id, bool keep_monitoring) +/* static */ int32 ScriptCargoMonitor::GetTownPickupAmount(ScriptCompany::CompanyID company, CargoID cargo, TownID town_id, bool keep_monitoring) { - CargoMonitorID monitor = EncodeCargoTownMonitor(static_cast(company), cargo, town_id); + CompanyID cid = static_cast(company); + if (cid < OWNER_BEGIN || cid >= MAX_COMPANIES) return -1; + if (!ScriptCargo::IsValidCargo(cargo)) return -1; + if (!::Town::IsValidID(town_id)) return -1; + + CargoMonitorID monitor = EncodeCargoTownMonitor(cid, cargo, town_id); return GetPickupAmount(monitor, keep_monitoring); } -/* static */ uint32 ScriptCargoMonitor::GetIndustryPickupAmount(ScriptCompany::CompanyID company, CargoID cargo, IndustryID industry_id, bool keep_monitoring) +/* static */ int32 ScriptCargoMonitor::GetIndustryPickupAmount(ScriptCompany::CompanyID company, CargoID cargo, IndustryID industry_id, bool keep_monitoring) { - CargoMonitorID monitor = EncodeCargoIndustryMonitor(static_cast(company), cargo, industry_id); + CompanyID cid = static_cast(company); + if (cid < OWNER_BEGIN || cid >= MAX_COMPANIES) return -1; + if (!ScriptCargo::IsValidCargo(cargo)) return -1; + if (!::Industry::IsValidID(industry_id)) return -1; + + CargoMonitorID monitor = EncodeCargoIndustryMonitor(cid, cargo, industry_id); return GetPickupAmount(monitor, keep_monitoring); } -- cgit v1.2.3-54-g00ecf