Archives/OpenTTD-patches
2
0
Fork 0
mirror of https://github.com/JGRennison/OpenTTD-patches.git synced 2024-11-16 00:12:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

(svn r4291) - Fix: validate all received strings for correctness. This fixes potential crashes on invalid clients/servers (thanks test for bringing this to our attention)

Browse Source
This commit is contained in:
Darkvater 2006-04-05 20:11:01 +00:00
parent 07e4134ebd
commit a39f69b9bd
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
network_data.c
View File

@ -273,6 +273,7 @@ uint64 NetworkRecv_uint64(NetworkClientState *cs, Packet *packet)
void NetworkRecv_string(NetworkClientState *cs, Packet *p, char* buffer, size_t size) void NetworkRecv_string(NetworkClientState *cs, Packet *p, char* buffer, size_t size)
{ {
int pos; int pos;
char *bufp = buffer;
/* Don't allow reading from a closed socket */ /* Don't allow reading from a closed socket */
if (cs->quited) if (cs->quited)
@ -289,6 +290,8 @@ void NetworkRecv_string(NetworkClientState *cs, Packet *p, char* buffer, size_t
++pos; ++pos;
} }
p->pos = pos; p->pos = pos;
str_validate(bufp);
} }
// If PacketSize changes of size, you have to change the 2 packet->size // If PacketSize changes of size, you have to change the 2 packet->size

3
network_udp.c
View File

@ -134,9 +134,6 @@ DEF_UDP_RECEIVE_COMMAND(PACKET_UDP_SERVER_RESPONSE)
item->info.map_set = NetworkRecv_uint8(&_udp_cs, p); item->info.map_set = NetworkRecv_uint8(&_udp_cs, p);
item->info.dedicated = NetworkRecv_uint8(&_udp_cs, p); item->info.dedicated = NetworkRecv_uint8(&_udp_cs, p);
str_validate(item->info.server_name);
str_validate(item->info.server_revision);
str_validate(item->info.map_name);
if (item->info.server_lang >= NETWORK_NUM_LANGUAGES) item->info.server_lang = 0; if (item->info.server_lang >= NETWORK_NUM_LANGUAGES) item->info.server_lang = 0;
if (item->info.map_set >= NUM_LANDSCAPE ) item->info.map_set = 0; if (item->info.map_set >= NUM_LANDSCAPE ) item->info.map_set = 0;