Index: common/packets.c =================================================================== RCS file: /home/freeciv/CVS/freeciv/common/packets.c,v retrieving revision 1.209 diff -u -r1.209 packets.c --- common/packets.c 2002/07/27 16:57:27 1.209 +++ common/packets.c 2002/07/29 10:44:47 @@ -1518,6 +1518,10 @@ pwl->wlids[length] = 0; } + if (length > MAX_LEN_WORKLIST) { + length = MAX_LEN_WORKLIST; + } + for (i = 0; i < length; i++) { iget_uint8(piter, (int *) &pwl->wlefs[i]); iget_uint8(piter, &pwl->wlids[i]); @@ -3536,8 +3540,14 @@ iget_string(&iter, packet->graphic_str, sizeof(packet->graphic_str)); iget_string(&iter, packet->graphic_alt, sizeof(packet->graphic_alt)); iget_uint8(&iter, &packet->leader_count); - for( i=0; ileader_count; i++ ) { - iget_string(&iter, packet->leader_name[i], sizeof(packet->leader_name[i])); + + if (packet->leader_count > MAX_NUM_LEADERS) { + packet->leader_count = MAX_NUM_LEADERS; + } + + for (i = 0; i < packet->leader_count; i++) { + iget_string(&iter, packet->leader_name[i], + sizeof(packet->leader_name[i])); iget_bool8(&iter, &packet->leader_sex[i]); } iget_uint8(&iter, &packet->city_style); @@ -3972,14 +3982,9 @@ RECEIVE_PACKET_START(packet_nations_used, packet); packet->num_nations_used = 0; - - for (;;) { - assert((pack_iter_remaining(&iter) % 2) == 0); - - if (pack_iter_remaining(&iter) == 0) { - break; - } + while (pack_iter_remaining(&iter) >= 2 && + packet->num_nations_used <= MAX_NUM_PLAYERS) { iget_uint16(&iter, &packet->nations_used[packet->num_nations_used]); packet->num_nations_used++; } Index: server/cityhand.c =================================================================== RCS file: /home/freeciv/CVS/freeciv/server/cityhand.c,v retrieving revision 1.114 diff -u -r1.114 cityhand.c --- server/cityhand.c 2002/06/12 07:24:48 1.114 +++ server/cityhand.c 2002/07/29 10:44:47 
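Review bot: The entries beyond the cap are never consumed from `piter` once `length` is clamped to MAX_LEN_WORKLIST, so whatever is decoded after this worklist is likely to start at the wrong offset, even though the out-of-bounds write into `pwl->wlefs`/`pwl->wlids` is stopped. The same applies to the `leader_count` clamp in the @@ -3536 hunk, where `iget_uint8(&iter, &packet->city_style)` follows the truncated loop. An over-limit count should only come from a malformed or hostile peer, so it would be safer to reject the packet, or at least to drain the surplus entries and record it with something like `freelog(LOG_ERROR, "worklist length %d exceeds MAX_LEN_WORKLIST", length);` before clamping. Both enclosing functions start and end outside their hunks.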
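Review bot: The loop bound `packet->num_nations_used <= MAX_NUM_PLAYERS` in the @@ -3972 hunk still admits a write at index MAX_NUM_PLAYERS. If `nations_used` is declared with MAX_NUM_PLAYERS elements (the declaration is not visible here), that is one element past the end, and the bound should be `packet->num_nations_used < MAX_NUM_PLAYERS`. Dropping the `assert` is right for data read off the network, but an odd trailing byte is now ignored silently, so a log line for that case would help spot malformed packets.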
@@ -54,6 +54,10 @@ conn_description(pconn)); return; } + + if (!punit) { + return; + } freelog(LOG_VERBOSE, "handle_city_name_suggest_req(unit_pos=(%d,%d))", punit->x, punit->y); Index: server/maphand.c =================================================================== RCS file: /home/freeciv/CVS/freeciv/server/maphand.c,v retrieving revision 1.104 diff -u -r1.104 maphand.c --- server/maphand.c 2002/02/27 11:12:51 1.104 +++ server/maphand.c 2002/07/29 10:44:48 @@ -1201,10 +1201,16 @@ void handle_player_remove_vision(struct player *pplayer, struct packet_generic_integer *packet) { - struct player *pplayer2 = get_player(packet->value); - if (pplayer == pplayer2) return; - if (!pplayer2->is_alive) return; - if (!gives_shared_vision(pplayer, pplayer2)) return; + struct player *pplayer2; + + if (packet->value < 0 || packet->value >= game.nplayers) { + return; + } + pplayer2 = get_player(packet->value); + if (pplayer == pplayer2 || !pplayer2->is_alive + || !gives_shared_vision(pplayer, pplayer2)) { + return; + } remove_shared_vision(pplayer, pplayer2); notify_player(pplayer2, _("%s no longer gives us shared vision!"), Index: server/plrhand.c =================================================================== RCS file: /home/freeciv/CVS/freeciv/server/plrhand.c,v retrieving revision 1.239 diff -u -r1.239 plrhand.c --- server/plrhand.c 2002/07/24 15:58:09 1.239 +++ server/plrhand.c 2002/07/29 10:44:49 @@ -709,10 +709,11 @@ void handle_player_government(struct player *pplayer, struct packet_player_request *preq) { - if( pplayer->government!=game.government_when_anarchy || - !can_change_to_government(pplayer, preq->government) - ) + if (pplayer->government != game.government_when_anarchy || + preq->government < 0 || preq->government >= game.government_count || + !can_change_to_government(pplayer, preq->government)) { return; + } if((pplayer->revolution<=5) && (pplayer->revolution>0)) return; 
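Review bot: The new `if (!punit) { return; }` guard in server/cityhand.c drops the request without a trace, while the branch just above it reports `conn_description(pconn)` before returning. An unresolved unit id may be a stale request, but it can also be a client sending ids it does not own, so a line such as `freelog(LOG_VERBOSE, "city name suggestion for unknown unit from %s", conn_description(pconn));` inside the guard keeps that visible. The range checks added in server/maphand.c, server/plrhand.c and server/srv_main.c return silently in the same way. The enclosing function starts and ends outside this hunk.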
@@ -810,12 +811,19 @@ **************************************************************************/ void handle_player_cancel_pact(struct player *pplayer, int other_player) { - enum diplstate_type old_type = pplayer->diplstates[other_player].type; + enum diplstate_type old_type; enum diplstate_type new_type; - struct player *pplayer2 = &game.players[other_player]; + struct player *pplayer2; int reppenalty = 0; - bool has_senate = - government_has_flag(get_gov_pplayer(pplayer), G_HAS_SENATE); + bool has_senate; + + if (other_player < 0 || other_player >= game.nplayers) { + return; + } + + old_type = pplayer->diplstates[other_player].type; + pplayer2 = get_player(other_player); + has_senate = government_has_flag(get_gov_pplayer(pplayer), G_HAS_SENATE); /* can't break a pact with yourself */ if (pplayer == pplayer2) Index: server/srv_main.c =================================================================== RCS file: /home/freeciv/CVS/freeciv/server/srv_main.c,v retrieving revision 1.87 diff -u -r1.87 srv_main.c --- server/srv_main.c 2002/07/27 17:10:54 1.87 +++ server/srv_main.c 2002/07/29 10:44:51 @@ -916,6 +916,10 @@ "of SELECT_RACES_STATE!")); return; } + + if (packet->nation_no < 0 || packet->nation_no >= game.nation_count) { + return; + } remove_leading_trailing_spaces(packet->name); Index: server/unithand.c =================================================================== RCS file: /home/freeciv/CVS/freeciv/server/unithand.c,v retrieving revision 1.228 diff -u -r1.228 unithand.c --- server/unithand.c 2002/07/18 08:58:59 1.228 +++ server/unithand.c 2002/07/29 10:44:52 
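Review bot: The range test `other_player < 0 || other_player >= game.nplayers` in handle_player_cancel_pact is the same one open-coded for `packet->value` in handle_player_remove_vision (server/maphand.c), and the two copies can drift apart. A small shared predicate next to `get_player()` would keep every client-supplied player index behind one check. It would also help to add a comment above the guard, e.g. `/* other_player comes straight from the client packet; validate before indexing */`, so the reason the initializers were moved below it is not lost. The function body continues past the end of this hunk.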
@@ -344,12 +344,13 @@ struct packet_unit_request *req) { struct unit *punit = player_find_unit_by_id(pplayer, req->unit_id); - struct city *old_pcity = player_find_city_by_id(pplayer, punit->homecity); - struct city *new_pcity = player_find_city_by_id(pplayer, req->city_id); + struct city *old_pcity, *new_pcity = + player_find_city_by_id(pplayer, req->city_id); - if(!punit || !new_pcity) { - return; + if (!punit || !new_pcity) { + return; } + old_pcity = player_find_city_by_id(pplayer, punit->homecity); unit_list_insert(&new_pcity->units_supported, punit); if (old_pcity) {
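Review bot: The declaration `struct city *old_pcity, *new_pcity = player_find_city_by_id(pplayer, req->city_id);` initializes only the second pointer, which is easy to misread as both being set and leaves `old_pcity` indeterminate until the assignment after the guard. Splitting it into `struct city *old_pcity = NULL;` and `struct city *new_pcity = player_find_city_by_id(pplayer, req->city_id);` keeps the null-dereference fix and makes a later reordering of the guard harmless. The function's signature and the rest of its body are outside this hunk.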