From cee30749f018d1018878cf55b1f4550a95bd9ff7 Mon Sep 17 00:00:00 2001
From: Haru <haru@dotalux.com>
Date: Wed, 16 Oct 2013 06:04:42 +0200
Subject: Follow-up to fad3040499293b1ff4ff634680163fcab4ca5e70

- Corrected token length limit detection when the token is shorter than
  32 characters. Special thanks to Lemongrass3110.

Signed-off-by: Haru <haru@dotalux.com>
---
 src/login/login.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/login/login.c')

diff --git a/src/login/login.c b/src/login/login.c
index f81ee30c7..7de5dbb76 100644
--- a/src/login/login.c
+++ b/src/login/login.c
@@ -1404,7 +1404,7 @@ int parse_login(int fd)
 				}
 
 				safestrncpy(username, accname, NAME_LENGTH);
-				safestrncpy(password, token, PASSWD_LEN);
+				safestrncpy(password, token, min(uTokenLen+1, PASSWD_LEN)); // Variable-length field, don't copy more than necessary
 				clienttype = RFIFOB(fd, 8);
 			}
 			else
-- 
cgit v1.2.3-60-g2f50