Check password hash validity

1 files changed, 13 insertions, 0 deletions

diff --git a/src/server.cpp b/src/server.cpp
index 522916a2f..771eb3652 100644
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -2080,6 +2080,12 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
 			}
 			password[PASSWORD_SIZE-1] = 0;
 		}
+
+		if(!base64_is_valid(password)){
+			infostream<<"Server: "<<playername<<" supplied invalid password hash"<<std::endl;
+			SendAccessDenied(m_con, peer_id, L"Invalid password hash");
+			return;
+		}
 		
 		std::string checkpwd;
 		bool has_auth = scriptapi_get_auth(m_lua, playername, &checkpwd, NULL);
@@ -2790,6 +2796,13 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
 			newpwd += c;
 		}
 
+		if(!base64_is_valid(newpwd)){
+			infostream<<"Server: "<<player->getName()<<" supplied invalid password hash"<<std::endl;
+			// Wrong old password supplied!!
+			SendChatMessage(peer_id, L"Invalid new password hash supplied. Password NOT changed.");
+			return;
+		}
+
 		infostream<<"Server: Client requests a password change from "
 				<<"'"<<oldpwd<<"' to '"<<newpwd<<"'"<<std::endl;