(svn r1127) -Fix: [Network] Protect the network against an illegal PLAYER_CTRL (in

which a modified client could, for example, delete a random active company)
This commit is contained in:
truelight 2004-12-16 11:35:08 +00:00
parent 693d074d76
commit 523ba1ff50

View File

@ -775,14 +775,21 @@ DEF_SERVER_RECEIVE_COMMAND(PACKET_CLIENT_COMMAND)
ci = DEREF_CLIENT_INFO(cs);
// Only CMD_PLAYER_CTRL is always allowed, for the rest, playas needs
// to match the player in the packet
if (cp->cmd != CMD_PLAYER_CTRL && ci->client_playas-1 != cp->player) {
if (!(cp->cmd == CMD_PLAYER_CTRL && cp->p1 == 0) && ci->client_playas-1 != cp->player) {
// The player did a command with the wrong player_id.. bad!!
SEND_COMMAND(PACKET_SERVER_ERROR)(cs, NETWORK_ERROR_PLAYER_MISMATCH);
return;
}
if (cp->cmd == CMD_PLAYER_CTRL) {
if (cp->p1 == 0)
// UGLY! p2 is mis-used to get the client-id in CmdPlayerCtrl
cp->p2 = cs - _clients;
else {
/* We do NOT allow any client to send any PLAYER_CTRL packet..
(they can delete random players with it if they like */
SEND_COMMAND(PACKET_SERVER_ERROR)(cs, NETWORK_ERROR_PLAYER_MISMATCH);
return;
}
}