[crossfire] Re: [Crossfire-cvs] CVS commit: crossfire

Andreas Kirschbaum kirschbaum at myrealbox.com
Thu Jan 20 16:20:45 CST 2005


     crossfire-cvs-admin at lists.sourceforge.net
     
      wrote:
>
     
      server/c_party.c: party password max length is 7, due to buffer size.
     
     >
     
         (i think it was a patch from Casper?)
     
     
I had fixed this problem a few days before. (See the ChangeLog entry a
few lines below.) My fix made passwords up to 8 characters work: the
field party_struct.passwd can hold passwords of 8 characters length
because it is declared as "char passwd[9];". IIRC the real problem was
the code that put the password into the struct. It was missing a length
check and possibly not terminating the password with '\0'.

Other than that, it is now broken: passwords of 8 characters length are
silently truncated to 7 characters, but passwords of 9 or more
characters length are rejected with "The password must not exceed 8
characters".

    
    


More information about the crossfire mailing list