From aa12b3b9e8cd7edd57a2602cdb24ddf6d996b2f2 Mon Sep 17 00:00:00 2001 From: Per Inge Mathisen Date: Fri, 15 Feb 2008 21:31:23 +0000 Subject: [PATCH] Add several sanity checks for network packets received. git-svn-id: svn+ssh://svn.gna.org/svn/warzone/trunk@3790 4a71c877-e1ca-e34f-864e-861f7616d084 --- src/multiplay.c | 23 ++++++++++++++++++++++- src/multisync.c | 16 ++++++++++++++-- 2 files changed, 36 insertions(+), 3 deletions(-) diff --git a/src/multiplay.c b/src/multiplay.c index 6c72f090d..fa743fca9 100644 --- a/src/multiplay.c +++ b/src/multiplay.c @@ -723,6 +723,11 @@ BOOL recvMessage(void) NETuint32_t(&player_id); NETbool(&host); // Added to check for host quit here -- Buggy NETend(); + if (player_id >= MAX_PLAYERS) + { + debug(LOG_ERROR, "Bad NET_LEAVING received, player ID is %d", (int)player_id); + break; + } MultiPlayerLeave(player_id); if (host) // host has quit, need to quit too. { @@ -743,7 +748,11 @@ BOOL recvMessage(void) // the player that has just responded NETuint32_t(&player_id); NETend(); - + if (player_id >= MAX_PLAYERS) + { + debug(LOG_ERROR, "Bad NET_PLAYERRESPONDING received, ID is %d", (int)player_id); + break; + } // This player is now with us! ingame.JoiningInProgress[player_id] = FALSE; break; @@ -848,6 +857,12 @@ static BOOL recvResearch() NETuint32_t(&index); NETend(); + if (player >= MAX_PLAYERS || index >= numResearch) + { + debug(LOG_ERROR, "Bad NET_RESEARCH received, player is %d, index is %u", (int)player, index); + return FALSE; + } + pPlayerRes = asPlayerResList[player] + index; // If they have completed the research @@ -932,6 +947,12 @@ BOOL recvResearchStatus() NETuint32_t(&index); NETend(); + if (player >= MAX_PLAYERS || index >= numResearch) + { + debug(LOG_ERROR, "Bad NET_RESEARCHSTATUS received, player is %d, index is %u", (int)player, index); + return FALSE; + } + pPlayerRes = asPlayerResList[player] + index; // psBuilding may be null if finishing diff --git a/src/multisync.c b/src/multisync.c index 01412e64b..d92bda4a4 100644 --- a/src/multisync.c +++ b/src/multisync.c @@ -763,7 +763,14 @@ BOOL recvStructureCheck() NETuint16_t(&y); NETuint16_t(&z); NETfloat(&direction); - + + if (player >= MAX_PLAYERS) + { + debug(LOG_ERROR, "Bad NET_CHECK_STRUCT received!"); + NETend(); + return FALSE; + } + // If the structure exists our job is easy pS = IdToStruct(ref, player); if (pS) @@ -1042,7 +1049,6 @@ BOOL sendScoreCheck(void) } - BOOL recvScoreSubmission() { uint8_t player; @@ -1175,6 +1181,12 @@ BOOL recvPing() NETbool(&isNew); NETend(); + if (sender >= MAX_PLAYERS) + { + debug(LOG_ERROR, "Bad NET_PING packet, sender is %d", (int)sender); + return FALSE; + } + // If this is a new ping, respond to it if (isNew) {