
5 Commits

Author SHA1 Message Date
Perttu Ahola
1a3d25c5ad Update changelog and call this 0.3.3 2013-03-05 18:53:24 +02:00
Perttu Ahola
30cbdb0981 Check password hash validity 2013-03-05 18:49:30 +02:00
Perttu Ahola
073964a12f Update changelog and call this 0.3.2 2012-05-12 22:41:42 +03:00
Perttu Ahola
d7442aecbe Add wooden planks to creative inventory (...finally 8D) 2012-05-12 22:34:59 +03:00
Perttu Ahola
1596628850 Add #include <unistd.h> to filesys.cpp (needed by some linux distros now) 2012-05-12 22:29:26 +03:00
7 changed files with 32 additions and 1 deletions

@ -10,7 +10,7 @@ project(minetest)
# Also remember to set PROTOCOL_VERSION in clientserver.h when releasing
set(VERSION_MAJOR 0)
set(VERSION_MINOR 3)
set(VERSION_PATCH 1)
set(VERSION_PATCH 3)
set(VERSION_STRING "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}")
MESSAGE(STATUS "*** Will build version ${VERSION_STRING} ***")

@ -3,6 +3,13 @@ Minetest-c55 changelog
This should contain all the major changes.
For minor stuff, refer to the commit log of the repository.
0.3.3: (tagged on 2013-03-05)
- Fix a password-related vulnerability (late backport from some early 0.4)
0.3.2: (tagged on 2012-05-12)
- Include unistd.h in filesys.cpp
- Add wooden planks to creative inventory
0.3.1: (released on 2011-11-09)
- Fix frustum culling (previous versions have rendered too much stuff that is not actually visible (about 180 degrees, while should have been more like 100.))
- Add occlusion culling (improves performance a lot)

@ -38,6 +38,13 @@ static inline bool is_base64(unsigned char c) {
return (isalnum(c) || (c == '+') || (c == '/'));
}
bool base64_is_valid(std::string const& s)
{
for(int i=0; i<s.size(); i++)
if(!is_base64(s[i])) return false;
return true;
}
std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) {
std::string ret;
int i = 0;
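Review bot: `base64_is_valid` inherits the locale dependence of `is_base64`, whose `isalnum(c)` test can accept bytes above 0x7F when a non-"C" locale is active, so a hash containing non-ASCII letters could pass this check. Because the function filters client-supplied hashes, explicit ranges are safer: `return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '+' || c == '/';`. The check also accepts the empty string and any length, and rejects `=` padding, which deserves a comment above the function such as `// True if s contains only base64 alphabet characters (no '=' padding, length not checked)`. The loop index would be better as `size_t i`, which avoids the signed/unsigned comparison with `s.size()`. `is_base64` begins above the hunk and `base64_encode` continues below it.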

@ -1,4 +1,5 @@
#include <string>
bool base64_is_valid(std::string const& s);
std::string base64_encode(unsigned char const* , unsigned int len);
std::string base64_decode(std::string const& s);

@ -505,6 +505,7 @@ void craft_set_creative_inventory(Player *player)
CONTENT_CLAY,
CONTENT_BRICK,
CONTENT_TREE,
CONTENT_WOOD,
CONTENT_LEAVES,
CONTENT_CACTUS,
CONTENT_PAPYRUS,

@ -171,6 +171,7 @@ bool RecursiveDelete(std::string path)
#include <errno.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
std::vector<DirListNode> GetDirListing(std::string pathstring)
{

@ -39,6 +39,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
#include "settings.h"
#include "profiler.h"
#include "log.h"
#include "base64.h"
#define PP(x) "("<<(x).X<<","<<(x).Y<<","<<(x).Z<<")"
@ -1961,6 +1962,12 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
}
password[PASSWORD_SIZE-1] = 0;
}
if(!base64_is_valid(password)){
infostream<<"Server: "<<playername<<" supplied invalid password hash"<<std::endl;
SendAccessDenied(m_con, peer_id, L"Invalid password hash");
return;
}
std::string checkpwd;
if(m_authmanager.exists(playername))
@ -3265,6 +3272,13 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
newpwd += c;
}
if(!base64_is_valid(newpwd)){
infostream<<"Server: "<<player->getName()<<" supplied invalid password hash"<<std::endl;
// Wrong old password supplied!!
SendChatMessage(peer_id, L"Invalid new password hash supplied. Password NOT changed.");
return;
}
infostream<<"Server: Client requests a password change from "
<<"'"<<oldpwd<<"' to '"<<newpwd<<"'"<<std::endl;
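Review bot: The new validation in the second hunk covers only `newpwd`, while the `infostream` statement right after it still writes both `oldpwd` and `newpwd` to the log, and `oldpwd` reaches that line unchecked. These hashes appear to be what the client presents to authenticate, so anyone who can read the log could reuse them; logging only the player name would avoid that, e.g. `infostream<<"Server: "<<player->getName()<<" requests a password change"<<std::endl;`. The comment `// Wrong old password supplied!!` inside the new branch describes a different failure and should read something like `// New password hash contains characters outside the base64 alphabet`. The enclosing `Server::ProcessData` starts and ends outside both hunks.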