From 5c403004743740ff94e2fa6ac3abcec406d56b22 Mon Sep 17 00:00:00 2001
From: Acruid <shatter66@gmail.com>
Date: Fri, 6 Sep 2019 16:28:21 -0700
Subject: [PATCH] Sanitize the OpenSlotStorageUIMessage handling on the server.

---
 .../GameObjects/Components/GUI/InventoryComponent.cs     | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/Content.Server/GameObjects/Components/GUI/InventoryComponent.cs b/Content.Server/GameObjects/Components/GUI/InventoryComponent.cs
index 833f06d54f..37542f6469 100644
--- a/Content.Server/GameObjects/Components/GUI/InventoryComponent.cs
+++ b/Content.Server/GameObjects/Components/GUI/InventoryComponent.cs
@@ -267,6 +267,7 @@ namespace Content.Server.GameObjects
             }
         }
 
+        /// <inheritdoc />
         public override void HandleMessage(ComponentMessage message, INetChannel netChannel = null,
             IComponent component = null)
         {
@@ -282,10 +283,12 @@ namespace Content.Server.GameObjects
                     if (playerentity == Owner)
                         HandleInventoryMessage(msg);
                     break;
+
                 case OpenSlotStorageUIMessage msg:
-                    ItemComponent item = GetSlotItem(msg.Slot);
-                    ServerStorageComponent storage;
-                    if (item.Owner.TryGetComponent(out storage))
+                    if (!HasSlot(msg.Slot)) // client input sanitization
+                        return;
+                    var item = GetSlotItem(msg.Slot);
+                    if (item != null && item.Owner.TryGetComponent(out ServerStorageComponent storage))
                         storage.OpenStorageUI(Owner);
                     break;
             }