--- netpanzer-0.8/src/NetPanzer/Classes/Network/ServerConnectDaemon.cpp.CVE-2006-2575 2004-11-09 12:30:29.000000000 +0100
+++ netpanzer-0.8/src/NetPanzer/Classes/Network/ServerConnectDaemon.cpp 2006-06-06 20:08:27.000000000 +0200
@@ -35,6 +35,7 @@
 #include "SystemNetMessage.hpp"
 #include "ConsoleInterface.hpp"
+#include "SelectionBoxSprite.hpp"
 #include "Util/Log.hpp"
 enum { _connect_state_idle,
@@ -330,7 +331,13 @@
 client_setting = (ConnectClientSettings *) message;
 connect_player_state->setName( client_setting->player_name );
 connect_player_state->unit_config.setUnitColor( client_setting->unit_color );
- connect_player_state->setFlag( client_setting->getPlayerFlag() );
+ if ( (client_setting->getPlayerFlag() < 0) ||
+ (client_setting->getPlayerFlag() >= UNIT_FLAGS_SURFACE.getFrameCount()) )
+ /* FIXME we realy should send an error to the client here, but
+ AFAIK there is no room in the current protocol for this */
+ connect_player_state->setFlag( 0 );
+ else
+ connect_player_state->setFlag( client_setting->getPlayerFlag() );
 connect_player_state->setID( connect_player_id.getNetworkID() );
 connect_player_state->setStatus( _player_state_connecting );
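Review bot: The fallback branch in the second hunk replaces an out-of-range flag with 0 silently, so a server operator gets no trace that a client sent a malformed `ConnectClientSettings`; since `Util/Log.hpp` is already included, the rejected value and the connecting player's id should be logged just before `connect_player_state->setFlag( 0 );`. Reading the flag once into a local and bracing both branches would also keep the check and the use on the same value, and would stop the multi-line FIXME comment from sitting between an unbraced `if` and its statement. The fallback assumes `UNIT_FLAGS_SURFACE.getFrameCount()` is at least 1 on the server, which is not visible here; if the surface can be empty, 0 is itself out of range and the connection should be refused instead. The `player_name` and `unit_color` fields on the context lines come from the same client message and are passed on unchecked; whether `setName` and `setUnitColor` bound them is outside this hunk, as is the rest of the enclosing function.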