Fix for a DOS against the server using the REQUESTJET message type. - vaccinewars - be a doctor and try to vaccinate the world
git clone git://src.adamsgaard.dk/vaccinewars
---
commit 54a5538c8d5f20e7c963e8c5dd26d513be5df136
parent 3486d22aaf34fec2240c5021ee21d13f836fa9c4
Author: Ben Webb <ben@salilab.org>
Date: Mon, 5 Oct 2009 04:11:32 +0000
Fix for a DOS against the server using the REQUESTJET message type.
Diffstat:
M ChangeLog | 2 ++
M src/serverside.c | 6 ++++++
2 files changed, 8 insertions(+), 0 deletions(-)
---
DIR diff --git a/ChangeLog b/ChangeLog
t@@ -5,6 +5,8 @@ SVN
and Francois Marier.
- Support for old GTK1 and GLIB1 libraries removed - we now need version 2
of these libraries to build dopewars.
+ - Fix for a DOS against the server using the REQUESTJET message type
+ (thanks to Doug Prostko for reporting the problem).
1.5.12 30-12-2005
- Really fix a potential exploit against the Win32 server when running as
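Review bot: the new ChangeLog entry names the REQUESTJET message type but not the defect itself, so a server operator reading it cannot tell what input triggered the problem. Consider saying that the server now rejects REQUESTJET messages whose location index is negative or not below the number of locations, which is what the accompanying change to src/serverside.c does.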
DIR diff --git a/src/serverside.c b/src/serverside.c
t@@ -504,6 +504,12 @@ void HandleServerMessage(gchar *buf, Player *Play)
break;
case C_REQUESTJET:
i = atoi(Data);
+ /* Make sure value is within range */
+ if (i < 0 || i >= NumLocation) {
+ dopelog(3, LF_SERVER, _("%s: DENIED jet to invalid location %s"),
+ GetPlayerName(Play), Data);
+ break;
+ }
if (Play->EventNum == E_FIGHT || Play->EventNum == E_FIGHTASK) {
if (CanRunHere(Play)) {
break;
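Review bot: the new range check in the C_REQUESTJET case still takes its value from `i = atoi(Data);`, which reports no parse errors. A non-numeric `Data` yields 0 and passes `i < 0 || i >= NumLocation` as a request for location 0, and a digit string too large for an int is undefined behaviour in atoi before the check ever runs. Parsing with strtol, checking the end pointer and errno, and rejecting anything that is not a complete in-range number would close both gaps. Separately, the dopelog call writes the client-supplied `Data` through `%s` unmodified, so a client controls what lands in the server log on this path; logging the parsed `i` with `%d`, or stripping control characters from `Data` first, keeps the DENIED line trustworthy.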