From dd5ddf07a4df7be96b2005b59738d10a7786c491 Mon Sep 17 00:00:00 2001
From: heinrich5991
Date: Mon, 11 Mar 2024 17:50:12 +0100
Subject: [PATCH 1/2] Disconnect when we get map change with invalid parameters

This is the only sane thing we can do, the server will have changed its map and we can't pretend to still be on the old one.
---
 src/engine/client/client.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/engine/client/client.cpp b/src/engine/client/client.cpp
index 721a309b6..e95cbf46f 100644
--- a/src/engine/client/client.cpp
+++ b/src/engine/client/client.cpp
@@ -1372,15 +1372,21 @@ void CClient::ProcessServerPacket(CNetChunk *pPacket, int Conn, bool Dummy)
 const char *pMap = Unpacker.GetString(CUnpacker::SANITIZE_CC | CUnpacker::SKIP_START_WHITESPACES);
 int MapCrc = Unpacker.GetInt();
 int MapSize = Unpacker.GetInt();
- if(Unpacker.Error() || MapSize < 0)
+ if(Unpacker.Error())
 {
 return;
 }
+ if(MapSize < 0 || MapSize > 1024 * 1024 * 1024) // 1 GiB
+ {
+ DisconnectWithReason("invalid map size");
+ return;
+ }
 for(int i = 0; pMap[i]; i++) // protect the player from nasty map names
 {
 if(pMap[i] == '/' || pMap[i] == '\\')
 {
+ DisconnectWithReason("strange character in map name");
 return;
 }
 }
From 8108cb04fd315a810d89dad8e65ee194c93d9c84 Mon Sep 17 00:00:00 2001
From: heinrich5991
Date: Mon, 11 Mar 2024 17:50:51 +0100
Subject: [PATCH 2/2] Inform HTTP map download of the map size
---
 src/engine/client/client.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/engine/client/client.cpp b/src/engine/client/client.cpp
index e95cbf46f..6358cb8f1 100644
--- a/src/engine/client/client.cpp
+++ b/src/engine/client/client.cpp
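Review bot: In patch 1/2 the `if(Unpacker.Error())` branch still returns silently, while the size check and the map-name check below it now call `DisconnectWithReason`. The commit message argues that the server has already switched maps once it sends this message, and that reasoning appears to apply equally to a map change that fails to unpack, so the client may keep running against the old map. Either disconnect there as well, e.g. `DisconnectWithReason("malformed map change");`, or add a one-line comment on that branch saying why a malformed message is ignored rather than treated like the other invalid cases. The enclosing function starts and ends outside the hunk.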
@@ -1447,7 +1447,7 @@ void CClient::ProcessServerPacket(CNetChunk *pPacket, int Conn, bool Dummy)
 m_pMapdownloadTask = HttpGetFile(pMapUrl ? pMapUrl : aUrl, Storage(), m_aMapdownloadFilenameTemp, IStorage::TYPE_SAVE);
 m_pMapdownloadTask->Timeout(CTimeout{g_Config.m_ClMapDownloadConnectTimeoutMs, 0, g_Config.m_ClMapDownloadLowSpeedLimit, g_Config.m_ClMapDownloadLowSpeedTime});
- m_pMapdownloadTask->MaxResponseSize(1024 * 1024 * 1024); // 1 GiB
+ m_pMapdownloadTask->MaxResponseSize(MapSize);
 m_pMapdownloadTask->ExpectSha256(*pMapSha256);
 Http()->Run(m_pMapdownloadTask);
 }
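Review bot: `MaxResponseSize(MapSize)` now takes its cap from a server-supplied field, and the range check added in patch 1/2 (`MapSize < 0 || MapSize > 1024 * 1024 * 1024`) still lets `MapSize == 0` through. What a cap of 0 means to the HTTP task is not visible here; if it is read as "no limit" the previous fixed 1 GiB ceiling is lost for that input, and if it means zero bytes the download can only fail. If an empty map is never valid, tightening the earlier check to `if(MapSize <= 0 || MapSize > 1024 * 1024 * 1024)` removes the ambiguity. A comment on this line such as `// MapSize was range-checked when the map change message was unpacked` would tie the call to that check, which sits earlier in the same function; the function continues outside the hunk.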