Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: Insufficient input validation for CmdIndustryCtrl. #9711

Merged
merged 1 commit into from Nov 20, 2021
Merged

Fix: Insufficient input validation for CmdIndustryCtrl. #9711

merged 1 commit into from Nov 20, 2021

Conversation

michicc
Copy link
Member

@michicc michicc commented Nov 20, 2021
edited

Motivation / Problem / Description

An invalid action parameter to CmdIndustryCtrl could trigger a NOT_REACHED, which a malicious client could use to crash a server.

Return CMD_ERROR instead to avoid this.

Checklist for review

Some things are not automated, and forgotten often. This list is a reminder for the reviewers.

  • The bug fix is important enough to be backported? (label: 'backport requested')
  • This PR touches english.txt or translations? Check the guidelines
  • This PR affects the save game format? (label 'savegame upgrade')
  • This PR affects the GS/AI API? (label 'needs review: Script API')
    • ai_changelog.hpp, gs_changelog.hpp need updating.
    • The compatibility wrappers (compat_*.nut) need updating.
  • This PR affects the NewGRF API? (label 'needs review: NewGRF')

@michicc
Fix: Insufficient input validation for CmdIndustryCtrl.
df3637f 
An invalid action could be used to crash the server.
@TrueBrain TrueBrain added the backport requested This PR should be backport to current release (RC / stable) label Nov 20, 2021
@michicc michicc merged commit 20a3082 into OpenTTD:master Nov 20, 2021
@michicc michicc deleted the pr/nr_ind_command branch November 20, 2021 22:27
TrueBrain pushed a commit to TrueBrain/OpenTTD that referenced this pull request Jan 3, 2022
@michicc @TrueBrain
Fix: Insufficient input validation for CmdIndustryCtrl. (OpenTTD#9711)
feea8fd
@TrueBrain TrueBrain mentioned this pull request Jan 3, 2022
Merged
TrueBrain pushed a commit that referenced this pull request Jan 5, 2022
@michicc @TrueBrain
Fix: Insufficient input validation for CmdIndustryCtrl. (#9711)
94dfd1d
@TrueBrain TrueBrain added backported This PR is backported to a current release (RC / stable) and removed backport requested This PR should be backport to current release (RC / stable) labels Jan 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TrueBrain TrueBrain TrueBrain approved these changes

Assignees
No one assigned
Labels
backported This PR is backported to a current release (RC / stable)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@michicc @TrueBrain