From 5a225a70b990c1a700f31b385da201408576139e Mon Sep 17 00:00:00 2001 From: Sandu Liviu Catalin Date: Tue, 14 Jun 2016 02:34:04 +0300 Subject: [PATCH] Validate identifiers obtained from the server before using them. Prevent aout_of_range exceptions from leaking to the script in case the server returns a negative identifier. Thus, resulting in a server crash since Squirrel would not know how to handle them. --- source/Entity/Player.cpp | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/source/Entity/Player.cpp b/source/Entity/Player.cpp index 9ec53ddc..b5a8638f 100644 --- a/source/Entity/Player.cpp +++ b/source/Entity/Player.cpp @@ -886,8 +886,16 @@ Object & CPlayer::GetVehicle() const { // Validate the managed identifier Validate(); - // Return the requested information - return Core::Get().GetVehicle(_Func->GetPlayerVehicleId(m_ID)).mObj; + // Retrieve the identifier of the vehicle + const Int32 id = _Func->GetPlayerVehicleId(m_ID); + // Validate the obtained identifier + if (VALID_ENTITYEX(id, SQMOD_VEHICLE_POOL)) + { + // Return the requested information + return Core::Get().GetVehicle(id).mObj; + } + // Default to a null object + return NullObject(); } // ------------------------------------------------------------------------------------------------ @@ -1070,8 +1078,16 @@ Object & CPlayer::StandingOnVehicle() const { // Validate the managed identifier Validate(); - // Return the requested information - return Core::Get().GetVehicle(_Func->GetPlayerStandingOnVehicle(m_ID)).mObj; + // Retrieve the identifier of the vehicle + const Int32 id = _Func->GetPlayerStandingOnVehicle(m_ID); + // Validate the obtained identifier + if (VALID_ENTITYEX(id, SQMOD_VEHICLE_POOL)) + { + // Return the requested information + return Core::Get().GetVehicle(id).mObj; + } + // Default to a null object + return NullObject(); } // ------------------------------------------------------------------------------------------------ @@ -1079,8 +1095,16 @@ Object & CPlayer::StandingOnObject() const { // Validate the managed identifier Validate(); - // Return the requested information - return Core::Get().GetObject(_Func->GetPlayerStandingOnObject(m_ID)).mObj; + // Retrieve the identifier of the object + const Int32 id = _Func->GetPlayerStandingOnObject(m_ID); + // Validate the obtained identifier + if (VALID_ENTITYEX(id, SQMOD_OBJECT_POOL)) + { + // Return the requested information + return Core::Get().GetObject(id).mObj; + } + // Default to a null object + return NullObject(); } // ------------------------------------------------------------------------------------------------