jeirmeister/Cockatrice
1
0
Fork 0
mirror of https://github.com/Cockatrice/Cockatrice.git synced 2026-06-26 00:23:55 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Prevent user counter IDs from colliding with reserved range

Browse source 
In non-Commander games, newCounterId() could return 8 or 9, colliding
  with reserved commander tax counter IDs. A malicious client could
  exploit this via cmd_set_counter_active. Now user counters always
  start at ID 10+.
This commit is contained in:
DawnFire42 2026-06-15 11:12:36 -04:00
parent eddf2c3072
commit 2ad18e2d8b
No known key found for this signature in database
GPG key ID: 24BB855EE2911B33
2 changed files with 8 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

3
libcockatrice_network/libcockatrice/network/server/remote/game/server_player.cpp
View file

@ -74,7 +74,8 @@ int Server_Player::newCounterId() const
id = c->getId();
}
}
return id + 1;
// Skip reserved IDs 0-9 even in non-Commander games to prevent collision
return std::max(id + 1, CounterIds::FirstUserId);
}
void Server_Player::setupZones()