Compare commits

...

5 Commits

Author SHA1 Message Date
Perttu Ahola
1a3d25c5ad Update changelog and call this 0.3.3 2013-03-05 18:53:24 +02:00
Perttu Ahola
30cbdb0981 Check password hash validity 2013-03-05 18:49:30 +02:00
Perttu Ahola
073964a12f Update changelog and call this 0.3.2 2012-05-12 22:41:42 +03:00
Perttu Ahola
d7442aecbe Add wooden planks to creative inventory (...finally 8D) 2012-05-12 22:34:59 +03:00
Perttu Ahola
1596628850 Add #include <unistd.h> to filesys.cpp (needed by some linux distros now) 2012-05-12 22:29:26 +03:00
7 changed files with 32 additions and 1 deletions

@ -10,7 +10,7 @@ project(minetest)
# Also remember to set PROTOCOL_VERSION in clientserver.h when releasing # Also remember to set PROTOCOL_VERSION in clientserver.h when releasing
set(VERSION_MAJOR 0) set(VERSION_MAJOR 0)
set(VERSION_MINOR 3) set(VERSION_MINOR 3)
set(VERSION_PATCH 1) set(VERSION_PATCH 3)
set(VERSION_STRING "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}") set(VERSION_STRING "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}")
MESSAGE(STATUS "*** Will build version ${VERSION_STRING} ***") MESSAGE(STATUS "*** Will build version ${VERSION_STRING} ***")

@ -3,6 +3,13 @@ Minetest-c55 changelog
This should contain all the major changes. This should contain all the major changes.
For minor stuff, refer to the commit log of the repository. For minor stuff, refer to the commit log of the repository.
0.3.3: (tagged on 2013-03-05)
- Fix a password-related vulnerability (late backport from some early 0.4)
0.3.2: (tagged on 2012-05-12)
- Include unistd.h in filesys.cpp
- Add wooden planks to creative inventory
0.3.1: (released on 2011-11-09) 0.3.1: (released on 2011-11-09)
- Fix frustum culling (previous versions have rendered too much stuff that is not actually visible (about 180 degrees, while should have been more like 100.)) - Fix frustum culling (previous versions have rendered too much stuff that is not actually visible (about 180 degrees, while should have been more like 100.))
- Add occlusion culling (improves performance a lot) - Add occlusion culling (improves performance a lot)

@ -38,6 +38,13 @@ static inline bool is_base64(unsigned char c) {
return (isalnum(c) || (c == '+') || (c == '/')); return (isalnum(c) || (c == '+') || (c == '/'));
} }
bool base64_is_valid(std::string const& s)
{
for(int i=0; i<s.size(); i++)
if(!is_base64(s[i])) return false;
return true;
}
std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) { std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) {
std::string ret; std::string ret;
int i = 0; int i = 0;

@ -1,4 +1,5 @@
#include <string> #include <string>
bool base64_is_valid(std::string const& s);
std::string base64_encode(unsigned char const* , unsigned int len); std::string base64_encode(unsigned char const* , unsigned int len);
std::string base64_decode(std::string const& s); std::string base64_decode(std::string const& s);

@ -505,6 +505,7 @@ void craft_set_creative_inventory(Player *player)
CONTENT_CLAY, CONTENT_CLAY,
CONTENT_BRICK, CONTENT_BRICK,
CONTENT_TREE, CONTENT_TREE,
CONTENT_WOOD,
CONTENT_LEAVES, CONTENT_LEAVES,
CONTENT_CACTUS, CONTENT_CACTUS,
CONTENT_PAPYRUS, CONTENT_PAPYRUS,

@ -171,6 +171,7 @@ bool RecursiveDelete(std::string path)
#include <errno.h> #include <errno.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/wait.h> #include <sys/wait.h>
#include <unistd.h>
std::vector<DirListNode> GetDirListing(std::string pathstring) std::vector<DirListNode> GetDirListing(std::string pathstring)
{ {

@ -39,6 +39,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
#include "settings.h" #include "settings.h"
#include "profiler.h" #include "profiler.h"
#include "log.h" #include "log.h"
#include "base64.h"
#define PP(x) "("<<(x).X<<","<<(x).Y<<","<<(x).Z<<")" #define PP(x) "("<<(x).X<<","<<(x).Y<<","<<(x).Z<<")"
@ -1962,6 +1963,12 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
password[PASSWORD_SIZE-1] = 0; password[PASSWORD_SIZE-1] = 0;
} }
if(!base64_is_valid(password)){
infostream<<"Server: "<<playername<<" supplied invalid password hash"<<std::endl;
SendAccessDenied(m_con, peer_id, L"Invalid password hash");
return;
}
std::string checkpwd; std::string checkpwd;
if(m_authmanager.exists(playername)) if(m_authmanager.exists(playername))
{ {
@ -3265,6 +3272,13 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
newpwd += c; newpwd += c;
} }
if(!base64_is_valid(newpwd)){
infostream<<"Server: "<<player->getName()<<" supplied invalid password hash"<<std::endl;
// Wrong old password supplied!!
SendChatMessage(peer_id, L"Invalid new password hash supplied. Password NOT changed.");
return;
}
infostream<<"Server: Client requests a password change from " infostream<<"Server: Client requests a password change from "
<<"'"<<oldpwd<<"' to '"<<newpwd<<"'"<<std::endl; <<"'"<<oldpwd<<"' to '"<<newpwd<<"'"<<std::endl;