[crossfire] Re: [Crossfire-cvs] CVS commit: crossfire

Andreas Kirschbaum kirschbaum at myrealbox.com
Fri Jul 15 18:26:09 CDT 2005


Andreas Kirschbaum wrote:
>
     
     
      crossfire-cvs-admin at lists.sourceforge.net
      
       wrote:
     
     >
     
      > server/c_party.c: party password max length is 7, due to buffer size.
     
     >
     
      >    (i think it was a patch from Casper?)
     
     >
     
     
     >
     
      I had fixed this problem a few days before. (See the ChangeLog entry a
     
     >
     
      few lines below.) My fix made passwords up to 8 characters work: the
     
     >
     
      field party_struct.passwd can hold passwords of 8 characters length
     
     >
     
      because it is declared as "char passwd[9];". IIRC the real problem was
     
     >
     
      the code that put the password into the struct. It was missing a length
     
     >
     
      check and possibly not terminating the password with '\0'.
     
     >
     
     
     >
     
      Other than that, it is now broken: passwords of 8 characters length are
     
     >
     
      silently truncated to 7 characters, but passwords of 9 or more
     
     >
     
      characters length are rejected with "The password must not exceed 8
     
     >
     
      characters".
     
     
I reversed this patch; party passwords with a length of 8 characters are
now working again.

    
    


More information about the crossfire mailing list