Author: sveinung Date: Sun Aug 16 10:38:30 2015 New Revision: 29545 URL: http://svn.gna.org/viewcvs/freeciv?rev=29545&view=rev Log: Validate action id range
Check that each action id loaded from a save game or received over the network is valid. See patch #6235 Modified: branches/S2_6/client/packhand.c branches/S2_6/server/unithand.c Modified: branches/S2_6/client/packhand.c URL: http://svn.gna.org/viewcvs/freeciv/branches/S2_6/client/packhand.c?rev=29545&r1=29544&r2=29545&view=diff ============================================================================== --- branches/S2_6/client/packhand.c (original) +++ branches/S2_6/client/packhand.c Sun Aug 16 10:38:30 2015 @@ -3519,6 +3519,16 @@ { struct action *act; + /* Action id is currently hard coded in the gen_action enum. It is + * therefore OK to use action_id_is_valid() */ + if (!action_id_is_valid(p->id)) { + /* Action id out of range */ + log_error("handle_ruleset_action() the action id %d is out of range.", + p->id); + + return; + } + act = action_by_number(p->id); sz_strlcpy(act->ui_name, p->ui_name); @@ -3532,6 +3542,15 @@ { struct action_enabler *enabler; int i; + + if (!action_id_is_valid(p->enabled_action)) { + /* Non existing action */ + log_error("handle_ruleset_action_enabler() the action %d " + "doesn't exist.", + p->enabled_action); + + return; + } enabler = action_enabler_new(); @@ -3900,6 +3919,9 @@ /************************************************************************** Handle the requested follow up question about an action + + The action can be a valid action or the special value ACTION_COUNT. + ACTION_COUNT indicates that performing the action is impossible. **************************************************************************/ void handle_unit_action_answer(int diplomat_id, int target_id, int cost, enum gen_action action_type) @@ -3908,6 +3930,16 @@ struct unit *punit = game_unit_by_number(target_id); struct unit *pdiplomat = player_unit_by_number(client_player(), diplomat_id); + + if (ACTION_COUNT != action_type + && !action_id_is_valid(action_type)) { + /* Non existing action */ + log_error("handle_unit_action_answer() the action %d doesn't exist.", + action_type); + + choose_action_queue_next(); + return; + } if (!pdiplomat) { log_debug("Bad actor %d.", diplomat_id); Modified: branches/S2_6/server/unithand.c URL: http://svn.gna.org/viewcvs/freeciv/branches/S2_6/server/unithand.c?rev=29545&r1=29544&r2=29545&view=diff ============================================================================== --- branches/S2_6/server/unithand.c (original) +++ branches/S2_6/server/unithand.c Sun Aug 16 10:38:30 2015 @@ -949,6 +949,15 @@ struct unit *punit = game_unit_by_number(target_id); struct city *pcity = game_city_by_number(target_id); + if (!action_id_is_valid(action_type)) { + /* Non existing action */ + log_error("handle_unit_action_query() the action %d doesn't exist.", + action_type); + + unit_query_impossible(pc, actor_id, target_id); + return; + } + if (NULL == pactor) { /* Probably died or bribed. */ log_verbose("handle_unit_action_query() invalid actor %d", @@ -1030,6 +1039,15 @@ struct tile *target_tile = index_to_tile(target_id); struct unit *punit = game_unit_by_number(target_id); struct city *pcity = game_city_by_number(target_id); + + if (!(action_type == ACTION_MOVE + || action_id_is_valid(action_type))) { + /* Non existing action */ + log_error("unit_perform_action() the action %d doesn't exist.", + action_type); + + return; + } if (NULL == actor_unit) { /* Probably died or bribed. */ _______________________________________________ Freeciv-commits mailing list Freeciv-commits@gna.org https://mail.gna.org/listinfo/freeciv-commits