From 73c0cc5203ee748b4b38046ae7a53e4aa138cdd2 Mon Sep 17 00:00:00 2001 From: bjarni Date: Sun, 30 Jan 2005 20:50:06 +0000 Subject: (svn r1741) - Fix: added IsVehicleIndex() so it's possible to protect GetVehicle() from reading an invalid vehicle index - Fix: added check for v->type in some commands, which expects v to be a specific type Checks like this is needed to protect network servers from people, who hack their clients to either cheat or crash the server NOTE: if I made a mistake here it can make a function unreachable when it should be used. Here is one place to look if something weird happens --- vehicle.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'vehicle.c') diff --git a/vehicle.c b/vehicle.c index 9ebf7801b..aa83185b5 100644 --- a/vehicle.c +++ b/vehicle.c @@ -1331,13 +1331,15 @@ int32 CmdReplaceVehicle(int x, int y, uint32 flags, uint32 p1, uint32 p2) the last 8 bit is the engine. The 8 bits in front of the engine is free so it have room for 16 bit engine entries */ uint16 new_engine_type = (uint16)(p2 & 0xFFFF); uint32 autorefit_money = (p2 >> 16) * 100000; - Vehicle *v = GetVehicle(p1); + Vehicle *v, *u; int cost, build_cost, rear_engine_cost = 0; - Vehicle *u = v; - byte old_engine_type = v->engine_type; + byte old_engine_type; - SET_EXPENSES_TYPE(EXPENSES_NEW_VEHICLES); + if (!IsVehicleIndex(p1)) return CMD_ERROR; + + v = u = GetVehicle(p1); + old_engine_type = v->engine_type; // first we make sure that it's a valid type the user requested // check that it's an engine that is in the engine array @@ -1636,6 +1638,8 @@ int32 CmdNameVehicle(int x, int y, uint32 flags, uint32 p1, uint32 p2) Vehicle *v; StringID str; + if (!IsVehicleIndex(p1)) return CMD_ERROR; + v = GetVehicle(p1); if (!CheckOwnership(v->owner)) -- cgit v1.2.3-54-g00ecf