(svn r14897) -Codechange: don't allow a few command flags to be sent over the network as it's bogus information anyway; e.g. the "do not send over network" flag as it will be set whenever the command is received from the server/client.

-Codechange: test earlier whether the command (send from the server) is actually valid.
2009-01-07 15:27:19 +00:00
parent f5b23103d7
commit 8d017f0ea1
4 changed files with 26 additions and 1 deletions
--- a/src/network/network_client.cpp
+++ b/src/network/network_client.cpp
@@ -685,6 +685,24 @@ DEF_CLIENT_RECEIVE_COMMAND(PACKET_SERVER_COMMAND)
 	cp->my_cmd   = p->Recv_bool();
 	cp->next     = NULL;

+	if (!IsValidCommand(cp->cmd)) {
+		IConsolePrintF(CC_ERROR, "WARNING: invalid command from server, dropping...");
+		free(cp);
+		return NETWORK_RECV_STATUS_MALFORMED_PACKET;
+	}
+
+	if (GetCommandFlags(cp->cmd) & CMD_OFFLINE) {
+		IConsolePrintF(CC_ERROR, "WARNING: offline only command from server, dropping...");
+		free(cp);
+		return NETWORK_RECV_STATUS_MALFORMED_PACKET;
+	}
+
+	if ((cp->cmd & CMD_FLAGS_MASK) != 0) {
+		IConsolePrintF(CC_ERROR, "WARNING: invalid command flag from server, dropping...");
+		free(cp);
+		return NETWORK_RECV_STATUS_MALFORMED_PACKET;
+	}
+
 	// The server did send us this command..
 	//  queue it in our own queue, so we can handle it in the upcoming frame!