From 7d984241f39972fc6e2269a0c19071bb1ab96c89 Mon Sep 17 00:00:00 2001
From: frosch
Date: Sat, 3 Sep 2011 18:50:20 +0000
Subject: [PATCH] (svn r22884) [1.1] -Backport from trunk: - Fix: Perform stricter checks on some commands [FS#4745] (r22845) - Fix: Harden savegame load against too many AI config settings [FS#4748] (r22843)
---
 src/autoreplace_cmd.cpp | 2 +-
 src/network/network_command.cpp | 2 +-
 src/order_cmd.cpp | 4 ++--
 src/saveload/ai_sl.cpp | 2 ++
 src/vehicle_cmd.cpp | 3 ++-
 5 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/autoreplace_cmd.cpp b/src/autoreplace_cmd.cpp
index 19a740de1a..4cb3c9bf39 100644
--- a/src/autoreplace_cmd.cpp
+++ b/src/autoreplace_cmd.cpp
@@ -731,7 +731,7 @@ CommandCost CmdSetAutoReplace(TileIndex tile, DoCommandFlag flags, uint32 p1, ui
 GroupID id_g = GB(p1, 16, 16);
 CommandCost cost;
- if (!Group::IsValidID(id_g) && !IsAllGroupID(id_g) && !IsDefaultGroupID(id_g)) return CMD_ERROR;
+ if (Group::IsValidID(id_g) ? Group::Get(id_g)->owner != _current_company : !IsAllGroupID(id_g) && !IsDefaultGroupID(id_g)) return CMD_ERROR;
 if (!Engine::IsValidID(old_engine_type)) return CMD_ERROR;
 if (new_engine_type != INVALID_ENGINE) {
diff --git a/src/network/network_command.cpp b/src/network/network_command.cpp
index d68021205a..8d1cb09550 100644
--- a/src/network/network_command.cpp
+++ b/src/network/network_command.cpp
@@ -307,7 +307,7 @@ const char *NetworkGameSocketHandler::ReceiveCommand(Packet *p, CommandPacket *c
 if (!IsValidCommand(cp->cmd)) return "invalid command";
 if (GetCommandFlags(cp->cmd) & CMD_OFFLINE) return "offline only command";
 if ((cp->cmd & CMD_FLAGS_MASK) != 0) return "invalid command flag";
- if (callback > lengthof(_callback_table)) return "invalid callback";
+ if (callback >= lengthof(_callback_table)) return "invalid callback";
 cp->callback = _callback_table[callback];
 return NULL;
diff --git a/src/order_cmd.cpp b/src/order_cmd.cpp
index 88a17d9427..6a3893950a 100644
--- a/src/order_cmd.cpp
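Review bot: The new ownership test in CmdSetAutoReplace packs two separate rules into one ternary, and its `:` arm only means what is intended because `&&` binds tighter than `?:`. That is easy to misread on a line that decides whether a command is authorised. Splitting it is safer to maintain: `if (Group::IsValidID(id_g)) { if (Group::Get(id_g)->owner != _current_company) return CMD_ERROR; } else if (!IsAllGroupID(id_g) && !IsDefaultGroupID(id_g)) return CMD_ERROR;`. A short comment such as `/* A real group must belong to the company issuing the command. */` would record why the owner is compared. The function body continues outside the hunk.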
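Review bot: The `>=` bound on `callback` in ReceiveCommand deserves a one-line comment, because the old `>` let an index equal to `lengthof(_callback_table)` reach the `_callback_table[callback]` read, one element past the table. Something like `/* callback indexes _callback_table, so it must be strictly below the table length. */` above the check would do. The order_cmd.cpp hunk fixes the same inclusive-bound slip against `OCV_END` and `OCC_END`. It may therefore be worth searching the other command handlers for `> lengthof(` and `> ..._END` comparisons; nothing in this patch shows whether that audit was done. The declaration of `callback` is outside the hunk.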
+++ b/src/order_cmd.cpp @@ -727,10 +727,10 @@ CommandCost CmdInsertOrder(TileIndex tile, DoCommandFlag flags, uint32 p1, uint3 case OT_CONDITIONAL: { VehicleOrderID skip_to = new_order.GetConditionSkipToOrder(); if (skip_to != 0 && skip_to >= v->GetNumOrders()) return CMD_ERROR; // Always allow jumping to the first (even when there is no order). - if (new_order.GetConditionVariable() > OCV_END) return CMD_ERROR; + if (new_order.GetConditionVariable() >= OCV_END) return CMD_ERROR; OrderConditionComparator occ = new_order.GetConditionComparator(); - if (occ > OCC_END) return CMD_ERROR; + if (occ >= OCC_END) return CMD_ERROR; switch (new_order.GetConditionVariable()) { case OCV_REQUIRES_SERVICE: if (occ != OCC_IS_TRUE && occ != OCC_IS_FALSE) return CMD_ERROR; diff --git a/src/saveload/ai_sl.cpp b/src/saveload/ai_sl.cpp index fedd3699a1..c3a95f89b0 100644 --- a/src/saveload/ai_sl.cpp +++ b/src/saveload/ai_sl.cpp @@ -66,6 +66,8 @@ static void Load_AIPL() CompanyID index; while ((index = (CompanyID)SlIterateArray()) != (CompanyID)-1) { + if (index >= MAX_COMPANIES) SlErrorCorrupt("Too many AI configs"); + _ai_saveload_version = -1; SlObject(NULL, _ai_company); diff --git a/src/vehicle_cmd.cpp b/src/vehicle_cmd.cpp index eb9860d39c..75bc7999c1 100644 --- a/src/vehicle_cmd.cpp +++ b/src/vehicle_cmd.cpp @@ -517,10 +517,11 @@ CommandCost CmdDepotSellAllVehicles(TileIndex tile, DoCommandFlag flags, uint32 CommandCost cost(EXPENSES_NEW_VEHICLES); VehicleType vehicle_type = Extract(p1); - uint sell_command = GetCmdSellVeh(vehicle_type); if (!IsCompanyBuildableVehicleType(vehicle_type)) return CMD_ERROR; + uint sell_command = GetCmdSellVeh(vehicle_type); + /* Get the list of vehicles in the depot */ BuildDepotVehicleList(vehicle_type, tile, &list, &list);
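Review bot: `new_order.GetConditionVariable()` is evaluated once for the new range check and again in the `switch` a few lines down, while the comparator already gets a local (`occ`). Giving the variable the same treatment keeps the validated value and the dispatched value visibly identical: `OrderConditionVariable ocv = new_order.GetConditionVariable();`, then `if (ocv >= OCV_END) return CMD_ERROR;` and `switch (ocv) {`. The `case OT_CONDITIONAL` block continues past the end of the hunk.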
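Review bot: In Load_AIPL the new bound is applied to `index` only after the value from `SlIterateArray()` has been cast to `CompanyID`, so catching an oversized array index from the savegame depends on that cast preserving the value. Neither type is visible in this hunk; if `CompanyID` is narrower than what `SlIterateArray()` returns, a large index could wrap into the valid range before the comparison. Checking the raw return value before the cast would remove the doubt. The check also has no `return` or `else`, so it relies on `SlErrorCorrupt` not returning. Once that is confirmed, a comment such as `/* SlErrorCorrupt() does not return. */` would make the dependency explicit.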
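Review bot: Nothing in CmdDepotSellAllVehicles says why `GetCmdSellVeh(vehicle_type)` has to come after the `IsCompanyBuildableVehicleType` check, so a later tidy-up could move the declaration back up beside `vehicle_type`. A comment above the moved line, e.g. `/* Only look up the sell command once vehicle_type has been validated. */`, would pin the ordering. GetCmdSellVeh is not shown here; presumably it uses the type as a lookup key, which is why an unchecked value extracted from `p1` must not reach it. The function body extends beyond the hunk.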