From a44324abe1b7a6d30f7b1adda6e9ce4c8c42bd65 Mon Sep 17 00:00:00 2001 From: Kp Date: Sun, 29 May 2022 19:37:58 +0000 Subject: [PATCH] Tighten net_udp player index check --- similar/main/net_udp.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/similar/main/net_udp.cpp b/similar/main/net_udp.cpp index 01b0eb997..48dca388e 100644 --- a/similar/main/net_udp.cpp +++ b/similar/main/net_udp.cpp @@ -5490,10 +5490,13 @@ void net_udp_send_mdata(int needack, fix64 time) void net_udp_process_mdata(uint8_t *data, uint_fast32_t data_len, const _sockaddr &sender_addr, int needack) { - int pnum = data[1], dataoffset = (needack?6:2); + const unsigned pnum = data[1]; + const unsigned dataoffset = needack ? 6 : 2; // Check if packet might be bogus - if ((pnum < 0) || (data_len > sizeof(UDP_mdata_info))) + if (pnum >= MAX_PLAYERS) + return; + if (data_len > sizeof(UDP_mdata_info)) return; // Check if it came from valid IP