[teeworlds] some fixes

  • From: Tom Adams <Tom_Adams@xxxxxx>
  • To: teeworlds@xxxxxxxxxxxxx
  • Date: Sun, 22 Nov 2009 23:14:14 +0100

Hi,

Our server crashed a few times this week. It would be great if you could add the 
following fixes (especially the third one) to the 0.5 source branch so we're 
allowed to update the pure server and prevent those bugs from happening there. 
Thanks in advance.
(patches are for 0.5 rev 1992)

1.
Bug in kick

Description:
When someone accidentally uses id=16 in the kick command, the server will crash.

Patch:
diff -Nru teeworlds-0.5.2-src/src/engine/server/es_server.c 
kick-fix/src/engine/server/es_server.c
--- teeworlds-0.5.2-src/src/engine/server/es_server.c   2009-10-26 
19:04:30.000000000 +0100
+++ kick-fix/src/engine/server/es_server.c      2009-11-22 20:56:44.000000000 
+0000
@@ -303,7 +303,7 @@
 
 void server_kick(int client_id, const char *reason)
 {
-       if(client_id < 0 || client_id > MAX_CLIENTS)
+       if(client_id < 0 || client_id >= MAX_CLIENTS)
                return;
                
        if(clients[client_id].state != SRVCLIENT_STATE_EMPTY)
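
Review bot: the early "return;" under the corrected range check still fails silently, so an operator who passes an out-of-range id gets no indication that nothing was kicked; consider logging it the way the ban path does with dbg_msg("server", "invalid client id"). The same "> MAX_CLIENTS" comparison also appears in the ban handler, so it is worth searching the rest of es_server.c for further copies of this bound rather than fixing them one report at a time.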


------------------------------------------------
------------------------------------------------

2.
Bug in ban

Description:
When someone accidentally uses id=16 in the ban command, the server might crash.

Patch:
diff -Nru teeworlds-0.5.2-src/src/engine/server/es_server.c 
ban-fix/src/engine/server/es_server.c
--- teeworlds-0.5.2-src/src/engine/server/es_server.c   2009-10-26 
19:04:30.000000000 +0100
+++ ban-fix/src/engine/server/es_server.c       2009-11-22 21:01:45.000000000 
+0000
@@ -1244,7 +1244,7 @@
                NETADDR addr;
                int cid = atoi(str);
 
-               if(cid < 0 || cid > MAX_CLIENTS || clients[cid].state == 
SRVCLIENT_STATE_EMPTY)
+               if(cid < 0 || cid >= MAX_CLIENTS || clients[cid].state == 
SRVCLIENT_STATE_EMPTY)
                {
                        dbg_msg("server", "invalid client id");
                        return;
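
Review bot: on the "int cid = atoi(str);" line just above the corrected condition, atoi returns 0 for non-numeric input, so unless str has already been verified to be all digits, a mistyped argument passes the range test and the ban is applied to client 0. Parsing with strtol and rejecting the input when the end pointer does not reach the terminating NUL would close that gap. The range tests also need to stay ahead of the clients[cid].state read, since the short-circuit evaluation is the only thing guarding that array access; a short comment saying so would keep a later reorder from reintroducing the out-of-bounds read.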


------------------------------------------------
------------------------------------------------

3.
Bug in network

Description:
If an invalid (too small) connless packet is received, the server will crash.

Patch:
diff -Nru teeworlds-0.5.2-src/src/engine/e_network.c 
crash-fix/src/engine/e_network.c
--- teeworlds-0.5.2-src/src/engine/e_network.c  2009-10-26 19:04:30.000000000 
+0100
+++ crash-fix/src/engine/e_network.c    2009-11-22 21:08:38.000000000 +0000
@@ -224,6 +224,12 @@
 
        if(packet->flags&NET_PACKETFLAG_CONNLESS)
        {
+               /* check the size of connless packet */
+               if(size < 6)
+               {
+                       dbg_msg("", "connless packet too small, %d", size);
+                       return -1;
+               }
                packet->flags = NET_PACKETFLAG_CONNLESS;
                packet->ack = 0;
                packet->num_chunks = 0;
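
Review bot: the "if(size < 6)" test uses a bare 6 and the comment above it only says that the size is checked, not what those 6 bytes are; a named constant for the connless header length plus a one-line comment on its layout would let the next reader confirm the bound matches what the code after this block reads. Two smaller points in the added lines: dbg_msg is called with an empty system string where the ban code uses "server", so the message will be hard to filter, and because this path is reachable by any remote sender before a connection exists, logging once per bad packet lets a sender flood the log; consider rate-limiting the message or dropping such packets silently.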


------------------------------------------------
------------------------------------------------

kind regards,

Oy