Improve error detection code on blowfish crypt & increase password le…

…n. (#40)
mudcoders · Apr 18, 2018 · 93a9e93 · 93a9e93
1 parent d303ce4
commit 93a9e93
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/src/socket.c b/src/socket.c
@@ -903,17 +903,25 @@ void handle_new_connections(D_SOCKET *dsock, char *arg)
       dsock->player = p_new;
       break;
     case STATE_NEW_PASSWORD:
-      if (strlen(arg) < 5 || strlen(arg) > 12)
+      if (strlen(arg) < 5 || strlen(arg) >= 256)
       {
-        text_to_buffer(dsock, "Between 5 and 12 chars please!\n\rPlease enter a new password: ");
+        text_to_buffer(dsock, "Between 5 and 256 chars please!\n\rPlease enter a new password: ");
         return;
       }
 
       free(dsock->player->password);
       snprintf(salt, sizeof(salt), "$2y$12$%s%s$", pepper, dsock->player->name);
       dsock->player->password = strdup(crypt(arg, salt));
 
-      if(0 == strncmp("*0", dsock->player->password, 2)) {
+      /*
+       * We check our encrypted password is not "*0" or "*1".
+       * This is one of the ways the blowcrypt API signals some
+       * internal error.
+       * 
+       */ 
+
+      if(0 == strncmp("*0", dsock->player->password, 2)
+      || 0 == strncmp("*1", dsock->player->password, 2)) {
           text_to_buffer(dsock, "Illegal password!\n\rPlease enter a new password: ");
           return;
       }