From 134039249735847ac883f9731fecc2a1b6aa4587 Mon Sep 17 00:00:00 2001 From: Jonathan G Rennison Date: Sun, 3 Mar 2019 20:54:29 +0000 Subject: [PATCH] Verify length of binary data in CmdBuildVehicle and CmdAddPlanLine --- src/command.cpp | 4 ++-- src/plans_cmd.cpp | 6 ++++-- src/vehicle_cmd.cpp | 4 ++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/command.cpp b/src/command.cpp index d7aee1cd30..038a22e35e 100644 --- a/src/command.cpp +++ b/src/command.cpp @@ -86,7 +86,7 @@ CommandProc CmdPlantTree; CommandProc CmdMoveRailVehicle; -CommandProc CmdBuildVehicle; +CommandProcEx CmdBuildVehicle; CommandProc CmdSellVehicle; CommandProc CmdRefitVehicle; CommandProc CmdSendVehicleToDepot; @@ -252,7 +252,7 @@ CommandProc CmdScheduledDispatchSetDelay; CommandProc CmdScheduledDispatchResetLastDispatch; CommandProc CmdAddPlan; -CommandProc CmdAddPlanLine; +CommandProcEx CmdAddPlanLine; CommandProc CmdRemovePlan; CommandProc CmdRemovePlanLine; CommandProc CmdChangePlanVisibility; diff --git a/src/plans_cmd.cpp b/src/plans_cmd.cpp index 3b8158414f..83772a167e 100644 --- a/src/plans_cmd.cpp +++ b/src/plans_cmd.cpp @@ -51,16 +51,18 @@ CommandCost CmdAddPlan(TileIndex tile, DoCommandFlag flags, uint32 p1, uint32 p2 * @param flags type of operation * @param p1 plan id * @param p2 number of nodes - * @param text list of tile indexes that compose the line, encoded in base64 + * @param text list of tile indexes that compose the line + * @param binary_length binary length of text * @return the cost of this operation or an error */ -CommandCost CmdAddPlanLine(TileIndex tile, DoCommandFlag flags, uint32 p1, uint32 p2, const char *text) +CommandCost CmdAddPlanLine(TileIndex tile, DoCommandFlag flags, uint32 p1, uint32 p2, const char *text, uint32 binary_length) { Plan *p = Plan::GetIfValid(p1); if (p == NULL) return CMD_ERROR; CommandCost ret = CheckOwnership(p->owner); if (ret.Failed()) return ret; if (p2 > (MAX_CMD_TEXT_LENGTH / sizeof(TileIndex))) return_cmd_error(STR_ERROR_TOO_MANY_NODES); + if (!text || binary_length != p2 * 4) return CMD_ERROR; if (flags & DC_EXEC) { PlanLine *pl = p->NewLine(); if (!pl) return_cmd_error(STR_ERROR_NO_MORE_SPACE_FOR_LINES); diff --git a/src/vehicle_cmd.cpp b/src/vehicle_cmd.cpp index 100b06ddba..451022a3f6 100644 --- a/src/vehicle_cmd.cpp +++ b/src/vehicle_cmd.cpp @@ -86,7 +86,7 @@ static CommandCost GetRefitCost(const Vehicle *v, EngineID engine_type, CargoID * @param text used for combined build and refit command * @return the cost of this operation or an error */ -CommandCost CmdBuildVehicle(TileIndex tile, DoCommandFlag flags, uint32 p1, uint32 p2, const char *text) +CommandCost CmdBuildVehicle(TileIndex tile, DoCommandFlag flags, uint32 p1, uint32 p2, const char *text, uint32 binary_length) { /* Elementary check for valid location. */ if (!IsDepotTile(tile)) return CMD_ERROR; @@ -155,7 +155,7 @@ CommandCost CmdBuildVehicle(TileIndex tile, DoCommandFlag flags, uint32 p1, uint } } - if (value.Succeeded() && text && text[0] == 'R') { + if (value.Succeeded() && binary_length == 2 && text && text[0] == 'R') { CargoID cargo = text[1]; if (cargo >= NUM_CARGO) return CMD_ERROR; CargoID default_cargo = e->GetDefaultCargoType();