From 2999d301adade21ddd253b5d765bb8468e39f224 Mon Sep 17 00:00:00 2001
From: rubidium42 <rubidium@openttd.org>
Date: Fri, 23 Apr 2021 19:27:48 +0200
Subject: [PATCH] Add: [Network] Validate the client name when receiving one
 from the server

This so names from other clients are known valid in the client as well, instead allowing some compromised/bad server to potentially crash clients upon certain expectations.
---
 src/network/network_client.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/network/network_client.cpp b/src/network/network_client.cpp
index b234880d73..72f69f99f7 100644
--- a/src/network/network_client.cpp
+++ b/src/network/network_client.cpp
@@ -623,6 +623,10 @@ NetworkRecvStatus ClientNetworkGameSocketHandler::Receive_SERVER_CLIENT_INFO(Pac
 
 	if (this->status < STATUS_AUTHORIZED) return NETWORK_RECV_STATUS_MALFORMED_PACKET;
 	if (this->HasClientQuit()) return NETWORK_RECV_STATUS_CONN_LOST;
+	/* The server validates the name when receiving it from clients, so when it is wrong
+	 * here something went really wrong. In the best case the packet got malformed on its
+	 * way too us, in the worst case the server is broken or compromised. */
+	if (!NetworkIsValidClientName(name)) return NETWORK_RECV_STATUS_MALFORMED_PACKET;
 
 	ci = NetworkClientInfo::GetByClientID(client_id);
 	if (ci != nullptr) {