Subject: fix for vulnerability CVE-2010-2534 for OpenTTD 1.0.1 - 1.0.2 (Denial of service (server) via infinite loop)
From: OpenTTD developer team
Origin: backport, http://vcs.openttd.org/svn/changeset/20035
Bug: http://bugs.openttd.org/task/3909

When multiple commands are queued (at the server) for execution in the next game tick and a client joins, the server can get into an infinite loop. With the default settings triggering this bug is difficult (if not impossible); however, the larger the value of the "frame_freq" setting, the easier it is to trigger the bug.

To trigger this bug in a server there must be enough activity on the server, that is, commands being sent to the server for execution. Furthermore, the joining client that triggers the bug must know the server password if there is a server password, and there must be place for the new client.

Index: src/network/network_command.cpp =================================================================== --- src/network/network_command.cpp (revision 20035) +++ src/network/network_command.cpp (working copy) @@ -141,6 +141,7 @@ for (CommandPacket *p = _local_command_queue; p != NULL; p = p->next) { CommandPacket c = *p; c.callback = 0; + c.next = NULL; NetworkAddCommandQueue(c, cs); } }
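
Review bot: the added line c.next = NULL; inside the loop over _local_command_queue has no comment saying why it is needed, which makes it easy to drop in a later cleanup. CommandPacket c = *p copies every field of the queued packet, including its next pointer, so without the reset the copy handed to NetworkAddCommandQueue(c, cs) still points into the local queue, which fits the infinite loop in the description. Suggest a one-line comment above the assignment, and consider clearing next inside NetworkAddCommandQueue itself (its body is not shown here) so that any other caller passing a copied packet gets the same protection.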