Prerequisites

• I have searched for similar issues and confirmed this is not a duplicate

Game Version

• Command & Conquer Generals
• Command & Conquer Generals: Zero Hour
• Other (please specify below)

Bug Description

The current game lacks file content validation during map transfers. While file extension validation can prevent obviously malicious file types, an attacker could still craft malicious files with valid extensions (.map, .ini, .str, .wak) that contain unexpected or harmful data structures. Without content validation, the game may attempt to parse and execute malformed or malicious data.

Reproduction Steps

1. Initiate a map transfer in multiplayer
2. Transfer a file with a valid extension (.map, .ini, etc.) but malformed or malicious content
3. Observe that no validation is performed on the actual file contents before processing
4. The game attempts to parse the file without verifying its structure or contents

Additional Context

This is a security enhancement related to the map transfer system. Issue #272 identified security vulnerabilities in map file transfers, and PR #1058 addressed path traversal. However, additional layers of security are needed:

• File extension validation (proposed in Map transfer system lacks file extension validation #1816) - ensures only approved file types
• File content validation (this issue) - ensures transferred files contain valid, expected data structures

Content validation should verify:

• File headers match expected formats for each file type
• File sizes are within reasonable limits
• Data structures conform to expected schemas
• No embedded executable code or scripts in data files