Check password hash validity

src/base64.cpp

@@ -38,6 +38,13 @@ static inline bool is_base64(unsigned char c) {
   return (isalnum(c) || (c == '+') || (c == '/'));
 }
 
+bool base64_is_valid(std::string const& s)
+{
+	for(int i=0; i<s.size(); i++)
+		if(!is_base64(s[i])) return false;
+	return true;
+}
+
 std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) {
   std::string ret;
   int i = 0;

src/base64.h

@@ -1,4 +1,5 @@
 #include <string>
 
+bool base64_is_valid(std::string const& s);
 std::string base64_encode(unsigned char const* , unsigned int len);
 std::string base64_decode(std::string const& s);

src/server.cpp

@@ -39,6 +39,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 #include "settings.h"
 #include "profiler.h"
 #include "log.h"
+#include "base64.h"
 
 #define PP(x) "("<<(x).X<<","<<(x).Y<<","<<(x).Z<<")"
 
@@ -1962,6 +1963,12 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
 				password[PASSWORD_SIZE-1] = 0;
 		}
 
+		if(!base64_is_valid(password)){
+			infostream<<"Server: "<<playername<<" supplied invalid password hash"<<std::endl;
+			SendAccessDenied(m_con, peer_id, L"Invalid password hash");
+			return;
+		}
+		
 		std::string checkpwd;
 		if(m_authmanager.exists(playername))
 		{
@@ -3265,6 +3272,13 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
 			newpwd += c;
 		}
 
+		if(!base64_is_valid(newpwd)){
+			infostream<<"Server: "<<player->getName()<<" supplied invalid password hash"<<std::endl;
+			// Wrong old password supplied!!
+			SendChatMessage(peer_id, L"Invalid new password hash supplied. Password NOT changed.");
+			return;
+		}
+
 		infostream<<"Server: Client requests a password change from "
 				<<"'"<<oldpwd<<"' to '"<<newpwd<<"'"<<std::endl;