aboutsummaryrefslogtreecommitdiff
path: root/src/server.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/server.cpp')
-rw-r--r--src/server.cpp13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/server.cpp b/src/server.cpp
index 522916a2f..771eb3652 100644
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -2080,6 +2080,12 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
}
password[PASSWORD_SIZE-1] = 0;
}
+
+ if(!base64_is_valid(password)){
+ infostream<<"Server: "<<playername<<" supplied invalid password hash"<<std::endl;
+ SendAccessDenied(m_con, peer_id, L"Invalid password hash");
+ return;
+ }
std::string checkpwd;
bool has_auth = scriptapi_get_auth(m_lua, playername, &checkpwd, NULL);
@@ -2790,6 +2796,13 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
newpwd += c;
}
+ if(!base64_is_valid(newpwd)){
+ infostream<<"Server: "<<player->getName()<<" supplied invalid password hash"<<std::endl;
+ // Wrong old password supplied!!
+ SendChatMessage(peer_id, L"Invalid new password hash supplied. Password NOT changed.");
+ return;
+ }
+
infostream<<"Server: Client requests a password change from "
<<"'"<<oldpwd<<"' to '"<<newpwd<<"'"<<std::endl;
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-17 23:58:43 +0000