forked from Mirrorlandia_minetest/minetest
Compare commits
5 Commits
master
...
stable-0.3
| Author | SHA1 | Date | |
|---|---|---|---|
|
1a3d25c5ad | ||
|
|
30cbdb0981 | ||
|
|
073964a12f | ||
|
|
d7442aecbe | ||
|
|
1596628850 |
@ -10,7 +10,7 @@ project(minetest)
|
||||
# Also remember to set PROTOCOL_VERSION in clientserver.h when releasing
|
||||
set(VERSION_MAJOR 0)
|
||||
set(VERSION_MINOR 3)
|
||||
set(VERSION_PATCH 1)
|
||||
set(VERSION_PATCH 3)
|
||||
set(VERSION_STRING "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}")
|
||||
|
||||
MESSAGE(STATUS "*** Will build version ${VERSION_STRING} ***")
|
||||
|
||||
@ -3,6 +3,13 @@ Minetest-c55 changelog
|
||||
This should contain all the major changes.
|
||||
For minor stuff, refer to the commit log of the repository.
|
||||
|
||||
0.3.3: (tagged on 2013-03-05)
|
||||
- Fix a password-related vulnerability (late backport from some early 0.4)
|
||||
|
||||
0.3.2: (tagged on 2012-05-12)
|
||||
- Include unistd.h in filesys.cpp
|
||||
- Add wooden planks to creative inventory
|
||||
|
||||
0.3.1: (released on 2011-11-09)
|
||||
- Fix frustum culling (previous versions have rendered too much stuff that is not actually visible (about 180 degrees, while should have been more like 100.))
|
||||
- Add occlusion culling (improves performance a lot)
|
||||
|
||||
@ -38,6 +38,13 @@ static inline bool is_base64(unsigned char c) {
|
||||
return (isalnum(c) || (c == '+') || (c == '/'));
|
||||
}
|
||||
|
||||
bool base64_is_valid(std::string const& s)
|
||||
{
|
||||
for(int i=0; i<s.size(); i++)
|
||||
if(!is_base64(s[i])) return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) {
|
||||
std::string ret;
|
||||
int i = 0;
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
#include <string>
|
||||
|
||||
bool base64_is_valid(std::string const& s);
|
||||
std::string base64_encode(unsigned char const* , unsigned int len);
|
||||
std::string base64_decode(std::string const& s);
|
||||
|
||||
@ -505,6 +505,7 @@ void craft_set_creative_inventory(Player *player)
|
||||
CONTENT_CLAY,
|
||||
CONTENT_BRICK,
|
||||
CONTENT_TREE,
|
||||
CONTENT_WOOD,
|
||||
CONTENT_LEAVES,
|
||||
CONTENT_CACTUS,
|
||||
CONTENT_PAPYRUS,
|
||||
|
||||
@ -171,6 +171,7 @@ bool RecursiveDelete(std::string path)
|
||||
#include <errno.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/wait.h>
|
||||
#include <unistd.h>
|
||||
|
||||
std::vector<DirListNode> GetDirListing(std::string pathstring)
|
||||
{
|
||||
|
||||
@ -39,6 +39,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
#include "settings.h"
|
||||
#include "profiler.h"
|
||||
#include "log.h"
|
||||
#include "base64.h"
|
||||
|
||||
#define PP(x) "("<<(x).X<<","<<(x).Y<<","<<(x).Z<<")"
|
||||
|
||||
@ -1961,6 +1962,12 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
|
||||
}
|
||||
password[PASSWORD_SIZE-1] = 0;
|
||||
}
|
||||
|
||||
if(!base64_is_valid(password)){
|
||||
infostream<<"Server: "<<playername<<" supplied invalid password hash"<<std::endl;
|
||||
SendAccessDenied(m_con, peer_id, L"Invalid password hash");
|
||||
return;
|
||||
}
|
||||
|
||||
std::string checkpwd;
|
||||
if(m_authmanager.exists(playername))
|
||||
@ -3265,6 +3272,13 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
|
||||
newpwd += c;
|
||||
}
|
||||
|
||||
if(!base64_is_valid(newpwd)){
|
||||
infostream<<"Server: "<<player->getName()<<" supplied invalid password hash"<<std::endl;
|
||||
// Wrong old password supplied!!
|
||||
SendChatMessage(peer_id, L"Invalid new password hash supplied. Password NOT changed.");
|
||||
return;
|
||||
}
|
||||
|
||||
infostream<<"Server: Client requests a password change from "
|
||||
<<"'"<<oldpwd<<"' to '"<<newpwd<<"'"<<std::endl;
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user