Fix: [Network] Reading beyond the length of the server's ID when hashing password - Erich/openttd - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	rubidium42 <rubidium@openttd.org>	2021-05-02 11:05:50 +0200
committer	rubidium42 <rubidium42@users.noreply.github.com>	2021-05-02 11:51:28 +0200
commit	56aa6d0eddb60fac20cde82cd496005369ca1b8d (patch)
tree	c42f6531d63827167fffe1f958060343e10fb535 /src/network/network_content_gui.h
parent	18651dd8b13d8a427ae71d8af00792d52ad9ed60 (diff)
download	openttd-56aa6d0eddb60fac20cde82cd496005369ca1b8d.tar.xz

Fix: [Network] Reading beyond the length of the server's ID when hashing password

Under normal circumstances the server's ID is 32 characters excluding '\0', however this can be changed at the server. This ID is sent to the server for company name hashing. The client reads it into a statically allocated buffer of 33 bytes, but fills only the bytes it received from the server. However, the hash assumes all 33 bytes are set, thus potentially reading uninitialized data, or a part of the server ID of a previous game in the hashing routine. It is still reading from memory assigned to the server ID, so nothing bad happens, except that company passwords might not work correctly.

Diffstat (limited to 'src/network/network_content_gui.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: