[crossfire] Re: [Crossfire-cvs] CVS commit: crossfire
Andreas Kirschbaum
kirschbaum at myrealbox.com
Thu Jan 20 16:20:45 CST 2005
crossfire-cvs-admin at lists.sourceforge.net
wrote:
>
server/c_party.c: party password max length is 7, due to buffer size.
>
(i think it was a patch from Casper?)
I had fixed this problem a few days before. (See the ChangeLog entry a
few lines below.) My fix made passwords up to 8 characters work: the
field party_struct.passwd can hold passwords of 8 characters length
because it is declared as "char passwd[9];". IIRC the real problem was
the code that put the password into the struct. It was missing a length
check and possibly not terminating the password with '\0'.
Other than that, it is now broken: passwords of 8 characters length are
silently truncated to 7 characters, but passwords of 9 or more
characters length are rejected with "The password must not exceed 8
characters".
More information about the crossfire
mailing list