Unverified Commit ab8e0261 authored by twinaphex's avatar twinaphex Committed by GitHub

Merge pull request #7637 from GregorR/revert-7635-master

Fix Buffer Overflow with netplay passwords
parents 0ae3d387 f897b95d
......@@ -274,16 +274,17 @@ static void handshake_password(void *ignore, const char *line)
{
struct password_buf_s password_buf;
char password[8+NETPLAY_PASS_LEN]; /* 8 for salt, 128 for password */
char hash[NETPLAY_PASS_HASH_LEN+1]; /* + NULL terminator */
netplay_t *netplay = handshake_password_netplay;
struct netplay_connection *connection = &netplay->connections[0];
snprintf(password, sizeof(password), "%08X", connection->salt);
if (line)
strlcpy(password + 8, line, sizeof(password)-8);
strlcpy(password + 8, line, sizeof(password)-8);
password_buf.cmd[0] = htonl(NETPLAY_CMD_PASSWORD);
password_buf.cmd[1] = htonl(sizeof(password_buf.password));
sha256_hash(password_buf.password, (uint8_t *) password, strlen(password));
sha256_hash(hash, (uint8_t *) password, strlen(password));
memcpy(password_buf.password, hash, NETPLAY_PASS_HASH_LEN);
/* We have no way to handle an error here, so we'll let the next function error out */
if (netplay_send(&connection->send_packet_buffer, connection->fd, &password_buf, sizeof(password_buf)))
......@@ -751,8 +752,9 @@ bool netplay_handshake_pre_nick(netplay_t *netplay,
bool netplay_handshake_pre_password(netplay_t *netplay,
struct netplay_connection *connection, bool *had_input)
{
struct password_buf_s password_buf, corr_password_buf;
struct password_buf_s password_buf;
char password[8+NETPLAY_PASS_LEN]; /* 8 for salt */
char hash[NETPLAY_PASS_HASH_LEN+1]; /* + NULL terminator */
ssize_t recvd;
char msg[512];
bool correct = false;
......@@ -788,11 +790,9 @@ bool netplay_handshake_pre_password(netplay_t *netplay,
strlcpy(password + 8,
settings->paths.netplay_password, sizeof(password)-8);
sha256_hash(corr_password_buf.password,
(uint8_t *) password, strlen(password));
sha256_hash(hash, (uint8_t *) password, strlen(password));
if (!memcmp(password_buf.password,
corr_password_buf.password, sizeof(password_buf.password)))
if (!memcmp(password_buf.password, hash, NETPLAY_PASS_HASH_LEN))
{
correct = true;
connection->can_play = true;
......@@ -803,11 +803,9 @@ bool netplay_handshake_pre_password(netplay_t *netplay,
strlcpy(password + 8,
settings->paths.netplay_spectate_password, sizeof(password)-8);
sha256_hash(corr_password_buf.password,
(uint8_t *) password, strlen(password));
sha256_hash(hash, (uint8_t *) password, strlen(password));
if (!memcmp(password_buf.password,
corr_password_buf.password, sizeof(password_buf.password)))
if (!memcmp(password_buf.password, hash, NETPLAY_PASS_HASH_LEN))
correct = true;
}
......
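Review bot: Both password checks in netplay_handshake_pre_password use `memcmp(password_buf.password, hash, NETPLAY_PASS_HASH_LEN)`, which may return at the first differing byte, so the comparison time depends on how much of the peer-supplied value matches the expected hash. password_buf appears to be filled from the connection (the receive code lies outside the hunks shown), and the result decides `correct` and `connection->can_play`. How much this leaks in practice depends on whether the salt is fresh for every connection, which is not visible here. A comparison that always walks all NETPLAY_PASS_HASH_LEN bytes settles it for both the play and the spectate branch; the sketch below uses a new file-local helper. The function body starts and ends outside the hunks.

```c
/* Compares two hash buffers without stopping at the first mismatch. */
static bool netplay_hash_equal(const char *a, const char *b, size_t len)
{
   size_t i;
   unsigned char diff = 0;

   for (i = 0; i < len; i++)
      diff |= (unsigned char)a[i] ^ (unsigned char)b[i];
   return diff == 0;
}

/* … unchanged: salt formatting, strlcpy of the configured password, sha256_hash into hash … */
if (netplay_hash_equal(password_buf.password, hash, NETPLAY_PASS_HASH_LEN))
```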
......@@ -35,7 +35,7 @@
#define NETPLAY_NICK_LEN 32
#define NETPLAY_PASS_LEN 128
#define NETPLAY_PASS_HASH_LEN 65 /* length of a SHA-256 hash + NULL terminator*/
#define NETPLAY_PASS_HASH_LEN 64 /* length of a SHA-256 hash */
#define MAX_SERVER_STALL_TIME_USEC (5*1000*1000)
#define MAX_CLIENT_STALL_TIME_USEC (10*1000*1000)
......
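Review bot: The new comment `/* length of a SHA-256 hash */` does not say that 64 is the hex-encoded length without a terminator, which is the detail the overflow turned on. The callers now size their scratch buffer as `hash[NETPLAY_PASS_HASH_LEN+1]` because sha256_hash apparently writes a terminator after the digest text. I would spell that out, e.g. `#define NETPLAY_PASS_HASH_LEN 64 /* hex-encoded SHA-256 digest, excluding the NUL that sha256_hash() appends */`. Since handshake_password sends `sizeof(password_buf.password)` as the payload length, this value probably also fixes the wire size of the password command (the struct definition is not shown), so the comment could also note that changing it affects compatibility between peers.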