From 941e0cfda282b2461e500fcdf5828a7e20bf6da6 Mon Sep 17 00:00:00 2001 From: Yohann Ferreira Date: Thu, 25 Aug 2005 21:07:28 +0000 Subject: Adding min and max length check for password, more code cleanups in login and removing possible buffer overflows by replacing some global char[] by std::strings. --- src/gui/char_select.cpp | 2 +- src/gui/login.cpp | 55 ++++++++++++++++++++++++++++++++++++--------- src/main.cpp | 6 ++--- src/main.h | 13 ++++++----- src/resources/buddylist.cpp | 4 ++-- 5 files changed, 58 insertions(+), 22 deletions(-) diff --git a/src/gui/char_select.cpp b/src/gui/char_select.cpp index 6c8a844b..de01a571 100644 --- a/src/gui/char_select.cpp +++ b/src/gui/char_select.cpp @@ -247,7 +247,7 @@ void CharSelectDialog::serverCharSelect() map_port = RFIFOW(26); state = GAME; - logger->log("CharSelect: Map: %s", map_name); + logger->log("CharSelect: Map: %s", map_name.c_str()); logger->log("CharSelect: Server: %s:%d", iptostring(map_address), map_port); RFIFOSKIP(28); close_session(); diff --git a/src/gui/login.cpp b/src/gui/login.cpp index f60d0dc9..8f26cf7d 100644 --- a/src/gui/login.cpp +++ b/src/gui/login.cpp @@ -24,6 +24,7 @@ #include "login.h" #include +#include #include @@ -65,7 +66,7 @@ void WrongPasswordNoticeListener::action(const std::string &eventId) void WrongUsernameNoticeListener::action(const std::string &eventId) { // Set the focus on the username Field - loginDialog->userField->setCaretPosition(LEN_USERNAME - 1); + loginDialog->userField->setCaretPosition(LEN_MAX_USERNAME - 1); loginDialog->userField->requestFocus(); wrongLoginNotice = NULL; } 
@@ -232,13 +233,44 @@ void LoginDialog::action(const std::string& eventId) } // Check login - if (user.length() == 0) { + if (user.length() == 0) // No username + { wrongLoginNotice = new OkDialog("Error", "Enter your username first.", &wrongUsernameNoticeListener); - } else if (user.length() < 4) { - wrongLoginNotice = new OkDialog("Error", "The username needs to be at least 4 characters.", &wrongUsernameNoticeListener); - } else if (user.length() > LEN_USERNAME -1 ) { - wrongLoginNotice = new OkDialog("Error", "The username needs to be less than 25 characters long.", &wrongUsernameNoticeListener); - } else { + } + else if (user.length() < LEN_MIN_USERNAME) // Name too short + { + std::stringstream errorMessage; + errorMessage << "The username needs to be at least "; + errorMessage << LEN_MIN_USERNAME; + errorMessage << " characters long."; + wrongLoginNotice = new OkDialog("Error", errorMessage.str(), &wrongUsernameNoticeListener); + } + else if (user.length() > LEN_MAX_USERNAME - 1 ) // Name too long + { + std::stringstream errorMessage; + errorMessage << "The username needs to be less than "; + errorMessage << LEN_MAX_USERNAME; + errorMessage << " characters long."; + wrongLoginNotice = new OkDialog("Error", errorMessage.str(), &wrongUsernameNoticeListener); + } + else if (passField->getText().length() < LEN_MIN_PASSWORD) // Pass too short + { + std::stringstream errorMessage; + errorMessage << "The password needs to be at least "; + errorMessage << LEN_MIN_PASSWORD; + errorMessage << " characters long."; + wrongLoginNotice = new OkDialog("Error", errorMessage.str(), &wrongPasswordNoticeListener); + } + else if (passField->getText().length() > LEN_MAX_PASSWORD - 1 ) // Pass too long + { + std::stringstream errorMessage; + errorMessage << "The password needs to be less than "; + errorMessage << LEN_MAX_PASSWORD; + errorMessage << " characters long."; + wrongLoginNotice = new OkDialog("Error", errorMessage.str(), &wrongPasswordNoticeListener); + } + else // If no 
errors, register the new user. + { attemptLogin(user + "_M", passField->getText()); close_session(); } @@ -283,8 +315,8 @@ void login() int attemptLogin(const std::string& user, const std::string& pass) { - strncpy(username, user.c_str(), LEN_USERNAME); - strncpy(password, pass.c_str(), LEN_PASSWORD); + username = user; + password = pass; int ret; // Connect to login server @@ -303,8 +335,9 @@ int attemptLogin(const std::string& user, const std::string& pass) { WFIFOW(0) = net_w_value(0x0064); WFIFOL(2) = 0; - memcpy(WFIFOP(6), username, 24); - memcpy(WFIFOP(30), password, 24); + + memcpy(WFIFOP(6), username.c_str(), LEN_MAX_USERNAME - 1); + memcpy(WFIFOP(30), password.c_str(), LEN_MAX_PASSWORD - 1); WFIFOB(54) = 0; WFIFOSET(55); diff --git a/src/main.cpp b/src/main.cpp index d2a8d964..84e8b73a 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -74,11 +74,11 @@ Spriteset *hairset = NULL, *playerset = NULL; Image *login_wallpaper = NULL; Graphics *graphics; -char username[LEN_USERNAME]; -char password[LEN_PASSWORD]; +std::string username; +std::string password; int map_address, char_ID; short map_port; -char map_name[16]; +std::string map_name; unsigned char state; unsigned char screen_mode; volatile int framesToDraw = 0; diff --git a/src/main.h b/src/main.h index 2dd4f87a..8546cfe6 100644 --- a/src/main.h +++ b/src/main.h 
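Review bot: The length checks in LoginDialog::action test `user`, but the value handed to attemptLogin is `user + "_M"`, so a name that passes the `LEN_MAX_USERNAME - 1` limit can still be two characters longer than the 24 bytes attemptLogin copies into the packet. From the visible hunks, the later memcpy would then silently cut off the suffix, so the server receives something different from what the dialog validated. Checking the final string, e.g. `else if (user.length() + 2 > LEN_MAX_USERNAME - 1)`, keeps validation and wire format in agreement. These limits are enforced only in the client dialog, so the server presumably has to apply its own. LoginDialog::action starts before this hunk and continues after it.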
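Review bot: The two new memcpy calls in attemptLogin always read `LEN_MAX_USERNAME - 1` and `LEN_MAX_PASSWORD - 1` bytes from `c_str()`, but a std::string only guarantees `length() + 1` readable bytes, so any username or password shorter than 23 characters makes the copy read past the end of the string's buffer. With the old `char[25]` globals, which strncpy zero-padded, the fixed 24-byte copy stayed in bounds; now whatever follows the string in memory can end up in the login packet sent to the server, and the field is no longer reliably NUL-padded. Bound the copy by the string length and zero the rest, for example `strncpy((char *)WFIFOP(6), username.c_str(), LEN_MAX_USERNAME - 1);` and `strncpy((char *)WFIFOP(30), password.c_str(), LEN_MAX_PASSWORD - 1);`, since strncpy stops at the terminator and pads the remainder with zeros. The cast assumes WFIFOP yields a byte pointer, which is not visible here. attemptLogin's body continues outside the hunk.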
@@ -51,15 +51,18 @@ enum { * to be able to use strncpy instead of strcpy for * security and stability reasons */ -#define LEN_USERNAME 25 -#define LEN_PASSWORD 25 +#define LEN_MAX_USERNAME 25 +#define LEN_MIN_USERNAME 4 +#define LEN_MAX_PASSWORD 25 +#define LEN_MIN_PASSWORD 4 +#include extern Image *login_wallpaper; -extern char username[25]; -extern char password[25]; +extern std::string username; +extern std::string password; extern int map_address, char_ID; extern short map_port; -extern char map_name[16]; +extern std::string map_name; extern int account_ID, session_ID1, session_ID2; extern char sex, n_server, n_character; extern unsigned char state; diff --git a/src/resources/buddylist.cpp b/src/resources/buddylist.cpp index 6293bc84..2e2cdea6 100644 --- a/src/resources/buddylist.cpp +++ b/src/resources/buddylist.cpp @@ -53,8 +53,8 @@ void BuddyList::loadFile(void) } do { - buddy = (char *) calloc(LEN_USERNAME, sizeof(char)); - inputStream.getline(buddy, LEN_USERNAME); + buddy = (char *) calloc(LEN_MAX_USERNAME, sizeof(char)); + inputStream.getline(buddy, LEN_MAX_USERNAME); // Ugly ? if(strcmp(buddy,"") != 0) buddylist.push_back(buddy); free(buddy); -- cgit v1.2.3-70-g09d2
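Review bot: The comment kept above these defines still justifies them by `strncpy`, which this commit stops using for username and password. The new names also hide that the `LEN_MAX_*` values are buffer sizes that include the terminator: the length checks and memcpy calls in login.cpp all write `LEN_MAX_USERNAME - 1`, while buddylist.cpp uses the value as an allocation size. I would reword the comment to something like `/* LEN_MAX_* include the trailing NUL (usable length is LEN_MAX_* - 1, the 24-byte packet field); LEN_MIN_* are minimum character counts */`. The `#include` added after the defines would also read better grouped with the header's other includes, which are presumably above this hunk.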