mirror of
https://github.com/OpenFusionProject/OpenFusion.git
synced 2024-11-05 15:00:06 +00:00
Safe handling of TEGid/auth_id strings
This commit is contained in:
parent
c29899f2b9
commit
3c5eefd9c2
@ -40,6 +40,7 @@
|
|||||||
|
|
||||||
// wrapper for U16toU8
|
// wrapper for U16toU8
|
||||||
#define ARRLEN(x) (sizeof(x)/sizeof(*x))
|
#define ARRLEN(x) (sizeof(x)/sizeof(*x))
|
||||||
|
#define AUTOU8(x) std::string(x, ARRLEN(x))
|
||||||
#define AUTOU16TOU8(x) U16toU8(x, ARRLEN(x))
|
#define AUTOU16TOU8(x) U16toU8(x, ARRLEN(x))
|
||||||
|
|
||||||
// TODO: rewrite U16toU8 & U8toU16 to not use codecvt
|
// TODO: rewrite U16toU8 & U8toU16 to not use codecvt
|
||||||
|
@ -109,18 +109,19 @@ void CNLoginServer::login(CNSocket* sock, CNPacketData* data) {
|
|||||||
|
|
||||||
std::string userLogin;
|
std::string userLogin;
|
||||||
std::string userPassword;
|
std::string userPassword;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The std::string -> char* -> std::string maneuver should remove any
|
||||||
|
* trailing garbage after the null terminator.
|
||||||
|
*/
|
||||||
if (isCookieAuth) {
|
if (isCookieAuth) {
|
||||||
// username encoded in TEGid raw
|
// username encoded in TEGid raw
|
||||||
userLogin = std::string((char*)login->szCookie_TEGid);
|
userLogin = std::string(AUTOU8((char*)login->szCookie_TEGid).c_str());
|
||||||
|
|
||||||
// clients that use web login but without proper cookies
|
// N.B. clients that use web login without proper cookies
|
||||||
// send their passwords instead, so store that
|
// send their passwords in the cookie field
|
||||||
userPassword = std::string((char*)login->szCookie_authid);
|
userPassword = std::string(AUTOU8((char*)login->szCookie_authid).c_str());
|
||||||
} else {
|
} else {
|
||||||
/*
|
|
||||||
* The std::string -> char* -> std::string maneuver should remove any
|
|
||||||
* trailing garbage after the null terminator.
|
|
||||||
*/
|
|
||||||
userLogin = std::string(AUTOU16TOU8(login->szID).c_str());
|
userLogin = std::string(AUTOU16TOU8(login->szID).c_str());
|
||||||
userPassword = std::string(AUTOU16TOU8(login->szPassword).c_str());
|
userPassword = std::string(AUTOU16TOU8(login->szPassword).c_str());
|
||||||
}
|
}
|
||||||
@ -171,7 +172,7 @@ void CNLoginServer::login(CNSocket* sock, CNPacketData* data) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (isCookieAuth) {
|
if (isCookieAuth) {
|
||||||
const char *cookie = reinterpret_cast<const char*>(login->szCookie_authid);
|
const char *cookie = userPassword.c_str();
|
||||||
if (!Database::checkCookie(findUser.AccountID, cookie))
|
if (!Database::checkCookie(findUser.AccountID, cookie))
|
||||||
return loginFail(LoginError::ID_AND_PASSWORD_DO_NOT_MATCH, userLogin, sock);
|
return loginFail(LoginError::ID_AND_PASSWORD_DO_NOT_MATCH, userLogin, sock);
|
||||||
} else {
|
} else {
|
||||||
|
Loading…
Reference in New Issue
Block a user