Check password hash validity

author Perttu Ahola <celeron55@gmail.com>

Sun, 3 Jun 2012 17:32:44 +0000 (20:32 +0300)

committer Perttu Ahola <celeron55@gmail.com>

Sun, 3 Jun 2012 17:32:44 +0000 (20:32 +0300)
author Perttu Ahola <celeron55@gmail.com>
Sun, 3 Jun 2012 17:32:44 +0000 (20:32 +0300)
committer Perttu Ahola <celeron55@gmail.com>
Sun, 3 Jun 2012 17:32:44 +0000 (20:32 +0300)
diff --git a/src/base64.cpp b/src/base64.cpp

index 0dfba501303aa4606232c5f667f35f6ea895b86c..90d4de20321c29f87d0f5caa19c8d66822024392 100644 (file)
--- a/src/base64.cpp
+++ b/src/base64.cpp
@@ -38,6 +38,13 @@ static inline bool is_base64(unsigned char c) {
    return (isalnum(c) || (c == '+') || (c == '/'));
  }
  
+bool base64_is_valid(std::string const& s)
+{
+       for(int i=0; i<s.size(); i++)
+               if(!is_base64(s[i])) return false;
+       return true;
+}
+
  std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) {
    std::string ret;
    int i = 0;
diff --git a/src/base64.h b/src/base64.h

index 65d5db8b22cbb4c14c920cec79c542a454a1ae91..a29e69687774e1b0e6f66bfd5adfae8aa9625e51 100644 (file)
--- a/src/base64.h
+++ b/src/base64.h
@@ -1,4 +1,5 @@
  #include <string>
  
+bool base64_is_valid(std::string const& s);
  std::string base64_encode(unsigned char const* , unsigned int len);
  std::string base64_decode(std::string const& s);
diff --git a/src/server.cpp b/src/server.cpp

index 522916a2f4224080073e3dfd425a5b4dbbdc7aff..771eb36522ce6b66853131f37487147bf5cbde41 100644 (file)
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -2080,6 +2080,12 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
                         }
                         password[PASSWORD_SIZE-1] = 0;
                 }
+
+               if(!base64_is_valid(password)){
+                       infostream<<"Server: "<<playername<<" supplied invalid password hash"<<std::endl;
+                       SendAccessDenied(m_con, peer_id, L"Invalid password hash");
+                       return;
+               }
                 
                 std::string checkpwd;
                 bool has_auth = scriptapi_get_auth(m_lua, playername, &checkpwd, NULL);
@@ -2790,6 +2796,13 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
                         newpwd += c;
                 }
  
+               if(!base64_is_valid(newpwd)){
+                       infostream<<"Server: "<<player->getName()<<" supplied invalid password hash"<<std::endl;
+                       // Wrong old password supplied!!
+                       SendChatMessage(peer_id, L"Invalid new password hash supplied. Password NOT changed.");
+                       return;
+               }
+
                 infostream<<"Server: Client requests a password change from "
                                 <<"'"<<oldpwd<<"' to '"<<newpwd<<"'"<<std::endl;
author	Perttu Ahola <celeron55@gmail.com>
	Sun, 3 Jun 2012 17:32:44 +0000 (20:32 +0300)
committer	Perttu Ahola <celeron55@gmail.com>
	Sun, 3 Jun 2012 17:32:44 +0000 (20:32 +0300)
src/base64.cpp		patch \| blob \| history
src/base64.h		patch \| blob \| history
src/server.cpp		patch \| blob \| history