X-Git-Url: http://de.git.xonotic.org/?p=xonotic%2Fdarkplaces.git;a=blobdiff_plain;f=netconn.c;h=342d78b253cdb623d36ad5c1c9fee34b025bf970;hp=97f07bac167179115afd2ab3f8c45a3bf6f6d1ad;hb=91e898971b8ec935b2d25e7cd0d26eb0c6a8d8a7;hpb=e258e3fe3240de023926bc7642159fc80e6fee62

diff --git a/netconn.c b/netconn.c
index 97f07bac..342d78b2 100755
--- a/netconn.c
+++ b/netconn.c
@@ -2739,6 +2739,11 @@ static qboolean hmac_mdfour_time_matching(lhnetaddress_t *peeraddress, const cha
 	char mdfourbuf[16];
 	long t1, t2;
 
+	if (!password[0]) {
+		Con_Print("^4LOGIC ERROR: RCon_Authenticate should never call the comparator with an empty password. Please report.\n");
+		return false;
+	}
+
 	t1 = (long) time(NULL);
 	t2 = strtol(s, NULL, 0);
 	if(abs(t1 - t2) > rcon_secure_maxdiff.integer)
@@ -2755,6 +2760,11 @@ static qboolean hmac_mdfour_challenge_matching(lhnetaddress_t *peeraddress, cons
 	char mdfourbuf[16];
 	int i;
 
+	if (!password[0]) {
+		Con_Print("^4LOGIC ERROR: RCon_Authenticate should never call the comparator with an empty password. Please report.\n");
+		return false;
+	}
+
 	if(slen < (int)(sizeof(challenges[0].string)) - 1)
 		return false;
 
@@ -2781,6 +2791,11 @@ static qboolean hmac_mdfour_challenge_matching(lhnetaddress_t *peeraddress, cons
 
 static qboolean plaintext_matching(lhnetaddress_t *peeraddress, const char *password, const char *hash, const char *s, int slen)
 {
+	if (!password[0]) {
+		Con_Print("^4LOGIC ERROR: RCon_Authenticate should never call the comparator with an empty password. Please report.\n");
+		return false;
+	}
+
 	return !strcmp(password, hash);
 }
 
@@ -2799,12 +2814,12 @@ static const char *RCon_Authenticate(lhnetaddress_t *peeraddress, const char *pa
 	{
 		have_usernames = true;
 		strlcpy(buf, userpass_start, ((size_t)(userpass_end-userpass_start) >= sizeof(buf)) ? (int)(sizeof(buf)) : (int)(userpass_end-userpass_start+1));
-		if(buf[0])
+		if(buf[0])  // Ignore empty entries due to leading/duplicate space.
 			if(comparator(peeraddress, buf, password, cs, cslen))
 				goto allow;
 		userpass_start = userpass_end + 1;
 	}
-	if(userpass_start[0])
+	if(userpass_start[0])  // Ignore empty trailing entry due to trailing space or password not set.
 	{
 		userpass_end = userpass_start + strlen(userpass_start);
 		if(comparator(peeraddress, userpass_start, password, cs, cslen))
@@ -2818,12 +2833,12 @@ static const char *RCon_Authenticate(lhnetaddress_t *peeraddress, const char *pa
 	{
 		have_usernames = true;
 		strlcpy(buf, userpass_start, ((size_t)(userpass_end-userpass_start) >= sizeof(buf)) ? (int)(sizeof(buf)) : (int)(userpass_end-userpass_start+1));
-		if(buf[0])
+		if(buf[0])  // Ignore empty entries due to leading/duplicate space.
 			if(comparator(peeraddress, buf, password, cs, cslen))
 				goto check;
 		userpass_start = userpass_end + 1;
 	}
-	if(userpass_start[0])
+	if(userpass_start[0])  // Ignore empty trailing entry due to trailing space or password not set.
 	{
 		userpass_end = userpass_start + strlen(userpass_start);
 		if(comparator(peeraddress, userpass_start, password, cs, cslen))