tFix for a DOS against the server using the REQUESTJET message type. - vaccinew… | |
git clone git://src.adamsgaard.dk/vaccinewars | |
--- | |
commit 54a5538c8d5f20e7c963e8c5dd26d513be5df136 | |
parent 3486d22aaf34fec2240c5021ee21d13f836fa9c4 | |
Author: Ben Webb <[email protected]> | |
Date: Mon, 5 Oct 2009 04:11:32 +0000 | |
Fix for a DOS against the server using the REQUESTJET message type. | |
Diffstat: | |
M ChangeLog | 2 ++ | |
M src/serverside.c | 6 ++++++ | |
2 files changed, 8 insertions(+), 0 deletions(-) | |
--- | |
diff --git a/ChangeLog b/ChangeLog | |
t@@ -5,6 +5,8 @@ SVN | |
and Francois Marier. | |
- Support for old GTK1 and GLIB1 libraries removed - we now need version 2 | |
of these libraries to build dopewars. | |
+ - Fix for a DOS against the server using the REQUESTJET message type | |
+ (thanks to Doug Prostko for reporting the problem). | |
1.5.12 30-12-2005 | |
- Really fix a potential exploit against the Win32 server when running as | |
diff --git a/src/serverside.c b/src/serverside.c | |
t@@ -504,6 +504,12 @@ void HandleServerMessage(gchar *buf, Player *Play) | |
break; | |
case C_REQUESTJET: | |
i = atoi(Data); | |
+ /* Make sure value is within range */ | |
+ if (i < 0 || i >= NumLocation) { | |
+ dopelog(3, LF_SERVER, _("%s: DENIED jet to invalid location %s"), | |
+ GetPlayerName(Play), Data); | |
+ break; | |
+ } | |
if (Play->EventNum == E_FIGHT || Play->EventNum == E_FIGHTASK) { | |
if (CanRunHere(Play)) { | |
break; |
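Review bot: `i = atoi(Data);` above the new range check still parses client-supplied text with no error reporting, so an empty or non-numeric `Data` becomes 0 and passes `i < 0 || i >= NumLocation` as a jet to location 0, and a value that does not fit in an int is undefined behaviour for `atoi`. Parsing with `strtol` closes both gaps: `char *end; long v = strtol(Data, &end, 10);`, then `if (end == Data || v < 0 || v >= NumLocation) {`, and `i = (int)v;` once the check has passed. An out-of-range `strtol` result saturates at LONG_MIN/LONG_MAX, which the range test rejects, assuming `NumLocation` is an int. The denial message also writes the raw `Data` string to the server log; if `dopelog` does not already strip control characters, the log line should escape it or omit it so that a client cannot shape log contents. `HandleServerMessage` starts and ends outside this hunk, so the declarations of `i` and `Data` are not visible here.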