SetTeam fix from Martin Doucha.

"Actually, client->ps.clientNum is unsafe. We had a little hunt for this some time ago in Tremulous last year (it caused kick failures, annoying popup windows and other nasty bugs). The problem is that a following spectator gets full copy of client->ps of the followed player including clientNum. If you then try to use this "shared" clientNum, you might affect someone else than you wanted. r1019 changes are safe as long as bots don't spectate players. However, a brief grep on current code has revealed unsafe client->ps.clientNum usage in SetTeam(). If a following spectator uses team command when forced balance is on, it'll count teams incorrectly and send the error message to the followed player instead. Here's the fix." Fixes Bugzilla #2986.
2024-12-13 13:40:56 +00:00 · 2009-09-14 15:45:52 +00:00 · 2009-09-14 15:45:52 +00:00 · af303a4813
commit af303a4813
parent 64a0a078d2
1 changed files with 4 additions and 4 deletions
--- a/code/game/g_cmds.c
+++ b/code/game/g_cmds.c
@ -523,17 +523,17 @@ void SetTeam( gentity_t *ent, char *s ) {
 		if ( g_teamForceBalance.integer  ) {
 			int		counts[TEAM_NUM_TEAMS];

-			counts[TEAM_BLUE] = TeamCount( ent->client->ps.clientNum, TEAM_BLUE );
-			counts[TEAM_RED] = TeamCount( ent->client->ps.clientNum, TEAM_RED );
+			counts[TEAM_BLUE] = TeamCount( clientNum, TEAM_BLUE );
+			counts[TEAM_RED] = TeamCount( clientNum, TEAM_RED );

 			// We allow a spread of two
 			if ( team == TEAM_RED && counts[TEAM_RED] - counts[TEAM_BLUE] > 1 ) {
-				trap_SendServerCommand( ent->client->ps.clientNum, 
+				trap_SendServerCommand( clientNum, 
 					"cp \"Red team has too many players.\n\"" );
 				return; // ignore the request
 			}
 			if ( team == TEAM_BLUE && counts[TEAM_BLUE] - counts[TEAM_RED] > 1 ) {
-				trap_SendServerCommand( ent->client->ps.clientNum, 
+				trap_SendServerCommand( clientNum, 
 					"cp \"Blue team has too many players.\n\"" );
 				return; // ignore the request
 			}