summaryrefslogtreecommitdiff
blob: d657bf8744f11b1977be2abb732c4c662fcdddb1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Patch for CVE-2009-3591 -- bug 288295.

Fetched from upstream SVN:
http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1033&r2=1032&pathrev=1033

--- dopewars/trunk/src/serverside.c	2009/03/10 07:18:49	1032
+++ dopewars/trunk/src/serverside.c	2009/10/05 04:11:32	1033
@@ -504,6 +504,12 @@
     break;
   case C_REQUESTJET:
     i = atoi(Data);
+    /* Make sure value is within range */
+    if (i < 0 || i >= NumLocation) {
+      dopelog(3, LF_SERVER, _("%s: DENIED jet to invalid location %s"),
+              GetPlayerName(Play), Data);
+      break;
+    }
     if (Play->EventNum == E_FIGHT || Play->EventNum == E_FIGHTASK) {
       if (CanRunHere(Play)) {
         break;