Patch for CVE-2009-3591 -- bug 288295. Fetched from upstream SVN: http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1033&r2=1032&pathrev=1033 --- dopewars/trunk/src/serverside.c 2009/03/10 07:18:49 1032 +++ dopewars/trunk/src/serverside.c 2009/10/05 04:11:32 1033 @@ -504,6 +504,12 @@ break; case C_REQUESTJET: i = atoi(Data); + /* Make sure value is within range */ + if (i < 0 || i >= NumLocation) { + dopelog(3, LF_SERVER, _("%s: DENIED jet to invalid location %s"), + GetPlayerName(Play), Data); + break; + } if (Play->EventNum == E_FIGHT || Play->EventNum == E_FIGHTASK) { if (CanRunHere(Play)) { break;