Check password hash validity

This commit is contained in:
Perttu Ahola 2012-06-03 20:32:44 +03:00
parent 073964a12f
commit 30cbdb0981
3 changed files with 22 additions and 0 deletions

@ -38,6 +38,13 @@ static inline bool is_base64(unsigned char c) {
return (isalnum(c) || (c == '+') || (c == '/'));
}
bool base64_is_valid(std::string const& s)
{
for(int i=0; i<s.size(); i++)
if(!is_base64(s[i])) return false;
return true;
}
std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) {
std::string ret;
int i = 0;

@ -1,4 +1,5 @@
#include <string>
bool base64_is_valid(std::string const& s);
std::string base64_encode(unsigned char const* , unsigned int len);
std::string base64_decode(std::string const& s);

@ -39,6 +39,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
#include "settings.h"
#include "profiler.h"
#include "log.h"
#include "base64.h"
#define PP(x) "("<<(x).X<<","<<(x).Y<<","<<(x).Z<<")"
@ -1961,6 +1962,12 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
}
password[PASSWORD_SIZE-1] = 0;
}
if(!base64_is_valid(password)){
infostream<<"Server: "<<playername<<" supplied invalid password hash"<<std::endl;
SendAccessDenied(m_con, peer_id, L"Invalid password hash");
return;
}
std::string checkpwd;
if(m_authmanager.exists(playername))
@ -3265,6 +3272,13 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
newpwd += c;
}
if(!base64_is_valid(newpwd)){
infostream<<"Server: "<<player->getName()<<" supplied invalid password hash"<<std::endl;
// Wrong old password supplied!!
SendChatMessage(peer_id, L"Invalid new password hash supplied. Password NOT changed.");
return;
}
infostream<<"Server: Client requests a password change from "
<<"'"<<oldpwd<<"' to '"<<newpwd<<"'"<<std::endl;