-rw-r--r-- | src/cmumble.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/cmumble.c b/src/cmumble.c
index c566780..760486f 100644
--- a/src/cmumble.c
+++ b/src/cmumble.c
@@ -153,6 +153,9 @@ recv_user_state(MumbleProto__UserState *state, struct cmumble *cm)
 {
 struct cmumble_user *user = NULL;
+ if (!state->has_session)
+ return;
+
 user = find_user(cm, state->session);
 if (user) {
 /* update */
@@ -163,6 +166,10 @@ recv_user_state(MumbleProto__UserState *state, struct cmumble *cm)
 return;
 }
+ /* verify input data */
+ if (!state->has_user_id || !state->has_channel_id || !state->name)
+ return;
+
 user = g_slice_new0(struct cmumble_user);
 if (user == NULL) {
 g_printerr("Out of memory.\n");
@@ -172,6 +179,8 @@ recv_user_state(MumbleProto__UserState *state, struct cmumble *cm)
 user->session = state->session;
 user->name = g_strdup(state->name);
 user->id = state->user_id;
+ /* FIXME: error out if channel not found?
+ * That looks like malicious data. */
 user->channel = find_channel(cm, state->channel_id);
 if (cm->session == user->session) |
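Review bot: The new `if (!state->has_session) return;` at the top of recv_user_state drops the message without leaving any trace, and the "verify input data" check in the second hunk does the same. A malformed or hostile UserState is exactly the event an operator would want to see, so a one-line diagnostic in the style the file already uses would help, for example `g_printerr("Ignoring UserState without session.\n");` before the return. The check also has no comment, unlike the one in the second hunk; `/* session is the lookup key; never fall back to its default value */` would record why it sits before find_user. The function body continues outside this hunk.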
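Review bot: Requiring `state->has_user_id` and `state->has_channel_id` before creating a user looks stricter than the protocol allows. As far as I know, Mumble sets user_id only for registered users, and the server may omit channel_id for a user in the root channel, so this check would silently discard legitimate users; worth confirming against Mumble.proto. If that holds, only the name is needed to build the entry, `if (!state->name) return;`. The later `user->id = state->user_id;` should then make an explicit choice for the unregistered case instead of copying the field's default value. The update branch above this check lies between the hunks and is not visible here, so whether it reads the same optional fields unguarded cannot be judged from this diff.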
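Review bot: The FIXME records the problem but leaves it open: for a channel_id the client does not know, `user->channel` takes whatever find_channel returns (presumably NULL) and the user is still created. The simplest way to close it is to do the lookup before `g_slice_new0` and return when it fails, so there is nothing to free on the error path. If a missing channel should be tolerated instead, the comment should say `/* channel may be NULL; callers must check */` so later code does not dereference it blindly. The rest of the function is outside this hunk, so whether `user->channel` is dereferenced afterwards is not visible here.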