tFix for a DOS against the server using the REQUESTJET message type. - vaccinewars - be a doctor and try to vaccinate the world (HTM) git clone git://src.adamsgaard.dk/vaccinewars (DIR) Log (DIR) Files (DIR) Refs (DIR) README (DIR) LICENSE --- (DIR) commit 54a5538c8d5f20e7c963e8c5dd26d513be5df136 (DIR) parent 3486d22aaf34fec2240c5021ee21d13f836fa9c4 (HTM) Author: Ben Webb <ben@salilab.org> Date: Mon, 5 Oct 2009 04:11:32 +0000 Fix for a DOS against the server using the REQUESTJET message type. Diffstat: M ChangeLog | 2 ++ M src/serverside.c | 6 ++++++ 2 files changed, 8 insertions(+), 0 deletions(-) --- (DIR) diff --git a/ChangeLog b/ChangeLog t@@ -5,6 +5,8 @@ SVN and Francois Marier. - Support for old GTK1 and GLIB1 libraries removed - we now need version 2 of these libraries to build dopewars. + - Fix for a DOS against the server using the REQUESTJET message type + (thanks to Doug Prostko for reporting the problem). 1.5.12 30-12-2005 - Really fix a potential exploit against the Win32 server when running as (DIR) diff --git a/src/serverside.c b/src/serverside.c t@@ -504,6 +504,12 @@ void HandleServerMessage(gchar *buf, Player *Play) break; case C_REQUESTJET: i = atoi(Data); + /* Make sure value is within range */ + if (i < 0 || i >= NumLocation) { + dopelog(3, LF_SERVER, _("%s: DENIED jet to invalid location %s"), + GetPlayerName(Play), Data); + break; + } if (Play->EventNum == E_FIGHT || Play->EventNum == E_FIGHTASK) { if (CanRunHere(Play)) { break;