From 294d6b9f8f77408404effdfd63ee36184db58619 Mon Sep 17 00:00:00 2001 From: David Anderson Date: Sun, 26 Aug 2007 17:41:02 +0000 Subject: [PATCH] fixed amb834 - command callbacks could potentially occur on invalid clients in very rare cases --HG-- extra : convert_revision : svn%3A39bc706e-5318-0410-9160-8a85361fbb7c/trunk%401375 --- core/ConCmdManager.cpp | 21 ++++++++++++++++----- core/PlayerManager.cpp | 12 +++++++++--- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/core/ConCmdManager.cpp b/core/ConCmdManager.cpp index ba34f4f7..c8d4a768 100644 --- a/core/ConCmdManager.cpp +++ b/core/ConCmdManager.cpp @@ -203,6 +203,17 @@ ResultType ConCmdManager::DispatchClientCommand(int client, const char *cmd, int void ConCmdManager::InternalDispatch() { + int client = m_CmdClient; + + if (client) + { + CPlayer *pPlayer = g_Players.GetPlayerByIndex(client); + if (!pPlayer || !pPlayer->IsConnected()) + { + return; + } + } + /** * Note: Console commands will EITHER go through IServerGameDLL::ClientCommand, * OR this dispatch. They will NEVER go through both. @@ -225,7 +236,7 @@ void ConCmdManager::InternalDispatch() CmdHook *pHook; /* Execute server-only commands if viable */ - if (m_CmdClient == 0 && pInfo->srvhooks.size()) + if (client == 0 && pInfo->srvhooks.size()) { cell_t tempres = result; for (iter=pInfo->srvhooks.begin(); @@ -275,9 +286,9 @@ void ConCmdManager::InternalDispatch() { continue; } - if (m_CmdClient + if (client && pHook->pAdmin - && !CheckAccess(m_CmdClient, cmd, pHook->pAdmin)) + && !CheckAccess(client, cmd, pHook->pAdmin)) { if (result < Pl_Handled) { @@ -289,11 +300,11 @@ void ConCmdManager::InternalDispatch() /* On a listen server, sometimes the server host's client index can be set as 0. * So index 1 is passed to the command callback to correct this potential problem. */ - if (m_CmdClient == 0 && !engine->IsDedicatedServer()) + if (client == 0 && !engine->IsDedicatedServer()) { pHook->pf->PushCell(1); } else { - pHook->pf->PushCell(m_CmdClient); + pHook->pf->PushCell(client); } pHook->pf->PushCell(args); diff --git a/core/PlayerManager.cpp b/core/PlayerManager.cpp index fdab26e7..b49437aa 100644 --- a/core/PlayerManager.cpp +++ b/core/PlayerManager.cpp @@ -549,6 +549,15 @@ void PlayerManager::OnClientDisconnect_Post(edict_t *pEntity) void PlayerManager::OnClientCommand(edict_t *pEntity) { + int client = engine->IndexOfEdict(pEntity); + cell_t res = Pl_Continue; + + CPlayer *pPlayer = GetPlayerByIndex(client); + if (!pPlayer || !pPlayer->IsConnected()) + { + return; + } + /** * We cache this because the engine is not re-entrant. */ @@ -556,9 +565,6 @@ void PlayerManager::OnClientCommand(edict_t *pEntity) int args = engine->Cmd_Argc() - 1; strncopy(cmd, engine->Cmd_Argv(0), sizeof(cmd)); - int client = engine->IndexOfEdict(pEntity); - cell_t res = Pl_Continue; - bool result = g_ValveMenuStyle.OnClientCommand(client, cmd); if (result) {