Author: sveinung
Date: Sun Aug 16 10:38:30 2015
New Revision: 29545
URL: http://svn.gna.org/viewcvs/freeciv?rev=29545&view=rev
Log:
Validate action id range
Check that each action id loaded from a save game or received over the
network is valid.
See patch #6235
Modified:
branches/S2_6/client/packhand.c
branches/S2_6/server/unithand.c
Modified: branches/S2_6/client/packhand.c
URL:
http://svn.gna.org/viewcvs/freeciv/branches/S2_6/client/packhand.c?rev=29545&r1=29544&r2=29545&view=diff
==============================================================================
--- branches/S2_6/client/packhand.c (original)
+++ branches/S2_6/client/packhand.c Sun Aug 16 10:38:30 2015
@@ -3519,6 +3519,16 @@
{
struct action *act;
+ /* Action id is currently hard coded in the gen_action enum. It is
+ * therefore OK to use action_id_is_valid() */
+ if (!action_id_is_valid(p->id)) {
+ /* Action id out of range */
+ log_error("handle_ruleset_action() the action id %d is out of range.",
+ p->id);
+
+ return;
+ }
+
act = action_by_number(p->id);
sz_strlcpy(act->ui_name, p->ui_name);
@@ -3532,6 +3542,15 @@
{
struct action_enabler *enabler;
int i;
+
+ if (!action_id_is_valid(p->enabled_action)) {
+ /* Non existing action */
+ log_error("handle_ruleset_action_enabler() the action %d "
+ "doesn't exist.",
+ p->enabled_action);
+
+ return;
+ }
enabler = action_enabler_new();
@@ -3900,6 +3919,9 @@
/**************************************************************************
Handle the requested follow up question about an action
+
+ The action can be a valid action or the special value ACTION_COUNT.
+ ACTION_COUNT indicates that performing the action is impossible.
**************************************************************************/
void handle_unit_action_answer(int diplomat_id, int target_id, int cost,
enum gen_action action_type)
@@ -3908,6 +3930,16 @@
struct unit *punit = game_unit_by_number(target_id);
struct unit *pdiplomat = player_unit_by_number(client_player(),
diplomat_id);
+
+ if (ACTION_COUNT != action_type
+ && !action_id_is_valid(action_type)) {
+ /* Non existing action */
+ log_error("handle_unit_action_answer() the action %d doesn't exist.",
+ action_type);
+
+ choose_action_queue_next();
+ return;
+ }
if (!pdiplomat) {
log_debug("Bad actor %d.", diplomat_id);
Modified: branches/S2_6/server/unithand.c
URL:
http://svn.gna.org/viewcvs/freeciv/branches/S2_6/server/unithand.c?rev=29545&r1=29544&r2=29545&view=diff
==============================================================================
--- branches/S2_6/server/unithand.c (original)
+++ branches/S2_6/server/unithand.c Sun Aug 16 10:38:30 2015
@@ -949,6 +949,15 @@
struct unit *punit = game_unit_by_number(target_id);
struct city *pcity = game_city_by_number(target_id);
+ if (!action_id_is_valid(action_type)) {
+ /* Non existing action */
+ log_error("handle_unit_action_query() the action %d doesn't exist.",
+ action_type);
+
+ unit_query_impossible(pc, actor_id, target_id);
+ return;
+ }
+
if (NULL == pactor) {
/* Probably died or bribed. */
log_verbose("handle_unit_action_query() invalid actor %d",
@@ -1030,6 +1039,15 @@
struct tile *target_tile = index_to_tile(target_id);
struct unit *punit = game_unit_by_number(target_id);
struct city *pcity = game_city_by_number(target_id);
+
+ if (!(action_type == ACTION_MOVE
+ || action_id_is_valid(action_type))) {
+ /* Non existing action */
+ log_error("unit_perform_action() the action %d doesn't exist.",
+ action_type);
+
+ return;
+ }
if (NULL == actor_unit) {
/* Probably died or bribed. */
_______________________________________________
Freeciv-commits mailing list
Freeciv-commits@gna.org
https://mail.gna.org/listinfo/freeciv-commits
