do not trust the server-returned salt string to be 12 or more chars,

...avoiding a crash when a 1.7 client connects to a 1.6 server
2009-12-12 17:56:16 +01:00 · 2009-12-12 17:56:16 +01:00 · 035c84b67d
commit 035c84b67d
parent ee01a65424
1 changed files with 5 additions and 0 deletions
--- a/src/multiplayer.cpp
+++ b/src/multiplayer.cpp
@ -251,6 +251,11 @@ static server_type open_connection(game_display& disp, const std::string& origin

 								const std::string salt = (*error)["salt"];

+								if (salt.length() < 12) {
+									//TODO gettextify after end of stringfreeze
+									throw network::error("Bad data received from server");
+								}
+
 								sp["password"] = util::create_hash(util::create_hash(password, util::get_salt(salt),
 										util::get_iteration_count(salt)), salt.substr(12, 8));