From fb101d381998f81a41a3cf1cb9a115ae00f61106 Mon Sep 17 00:00:00 2001
From: Michael Hansen
Date: Tue, 1 Aug 2023 09:03:18 -0700
Subject: [PATCH] Fix an unlikely corner case of backwards compatibility with older clients: The previous broken StrCopy used in the older implementation of CryptHashPassword would only write the trailing '\0' character if the copied string had a size greater than zero. This change ONLY affects empty usernames and passwords, which is basically useless for anything other than testing (however, it can get DirtSand into a bad state -- see the PR there for details).
---
 Sources/Plasma/NucleusLib/pnEncryption/plChallengeHash.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/Sources/Plasma/NucleusLib/pnEncryption/plChallengeHash.cpp b/Sources/Plasma/NucleusLib/pnEncryption/plChallengeHash.cpp
index e06327b7c8..2861d4c88c 100644
--- a/Sources/Plasma/NucleusLib/pnEncryption/plChallengeHash.cpp
+++ b/Sources/Plasma/NucleusLib/pnEncryption/plChallengeHash.cpp
@@ -96,8 +96,10 @@ void CryptCreateRandomSeed(size_t length, uint8_t* data)
 void CryptHashPassword(const ST::string& username, const ST::string& password, ShaDigest dest)
 {
 ST::string_stream buf;
- buf << password.left(password.size() - 1) << '\0';
- buf << username.to_lower().left(username.size() - 1) << '\0';
+ if (!password.empty())
+ buf << password.left(password.size() - 1) << '\0';
+ if (!username.empty())
+ buf << username.to_lower().left(username.size() - 1) << '\0';
 ST::utf16_buffer result = buf.to_string().to_utf16();
 plSHAChecksum sum(result.size() * sizeof(char16_t), (uint8_t*)result.data());
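Review bot: The two new guards in CryptHashPassword have no comment, so nothing in the code records that `left(size() - 1)` and the conditional `'\0'` deliberately reproduce the old StrCopy behaviour described in the commit message; a later cleanup could "fix" either one and change every derived hash. I would add above the first guard `// Legacy-compatible: old StrCopy dropped the last character and wrote '\0' only for non-empty input; stored hashes depend on this.` Skipping the terminator also means the buffer no longer separates the two fields when one of them is empty, so an empty password with some username and an empty username with a matching password appear to feed identical bytes to the hash; callers should probably reject empty credentials before reaching this function, a check the hunk does not show. The function body continues past the end of the hunk.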