Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: Insufficient input validation for CmdIndustryCtrl. #9711

Merged
merged 1 commit into from Nov 20, 2021

Conversation

@michicc
Copy link
Member

@michicc michicc commented Nov 20, 2021

Motivation / Problem / Description

An invalid action parameter to CmdIndustryCtrl could trigger a NOT_REACHED, which a malicious client could use to crash a server.

Return CMD_ERROR instead to avoid this.

Checklist for review

Some things are not automated, and forgotten often. This list is a reminder for the reviewers.

  • The bug fix is important enough to be backported? (label: 'backport requested')
  • This PR touches english.txt or translations? Check the guidelines
  • This PR affects the save game format? (label 'savegame upgrade')
  • This PR affects the GS/AI API? (label 'needs review: Script API')
    • ai_changelog.hpp, gs_changelog.hpp need updating.
    • The compatibility wrappers (compat_*.nut) need updating.
  • This PR affects the NewGRF API? (label 'needs review: NewGRF')
An invalid action could be used to crash the server.
@michicc michicc merged commit 20a3082 into OpenTTD:master Nov 20, 2021
16 checks passed
@michicc michicc deleted the pr/nr_ind_command branch Nov 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants