blob: d657bf8744f11b1977be2abb732c4c662fcdddb1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Patch for CVE-2009-3591 -- bug 288295.
Fetched from upstream SVN:
http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1033&r2=1032&pathrev=1033
--- dopewars/trunk/src/serverside.c 2009/03/10 07:18:49 1032
+++ dopewars/trunk/src/serverside.c 2009/10/05 04:11:32 1033
@@ -504,6 +504,12 @@
break;
case C_REQUESTJET:
i = atoi(Data);
+ /* Make sure value is within range */
+ if (i < 0 || i >= NumLocation) {
+ dopelog(3, LF_SERVER, _("%s: DENIED jet to invalid location %s"),
+ GetPlayerName(Play), Data);
+ break;
+ }
if (Play->EventNum == E_FIGHT || Play->EventNum == E_FIGHTASK) {
if (CanRunHere(Play)) {
break;
|