Menu
▾
▴
#16 erroneous conversion from signed to unsigned int allows to circumvent MaxRadarRange
In fg_server.cxx line 814/815 and 1398/1399 the erroneous conversion from signed to unsigned int allows the client to circumvent the MaxRadarRange limit:
if ( tmp->High <= m_MaxRadarRange )
NewPlayer.RadarRange = tmp->High;
If the client transmits a negative value for the requested radar range e.g. tmp->High = -1 then the if statement yields true and -1 is implicit converted and assigned to unsigned int (uint16_t) variable FG_Player::RadarRange as 65535, meaning all aircraft (independent of distance) are transmitted to the client.
RadarRange should not be negative, so a client should not be able to transmit a negative value. However, the conversion is false and I fixed it using only unsigned ints.
It does not prevent a client from setting the radar range to 65535, though.
Fixed in 0.13.8 (upcoming release)