empire/empserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

(natbyname): Do not look up a non-active country.

Browse source 
Previously a blank country name or deleted country name would
return a pointer to non-active countries.
This creates a security problem where some one can successfully
login into the server without country or password.  Closes #1219569.
This commit is contained in:
Ron Koenderink 2005-11-21 18:25:49 +00:00
parent f17cedfccd
commit 779a41c71b
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/lib/player/nat.c
View file

@ -45,7 +45,8 @@ natbyname(s_char *name, natid *result)
int i; int i;
for (i = 0; NULL != (np = getnatp(i)); i++) { for (i = 0; NULL != (np = getnatp(i)); i++) {
if (strcmp(np->nat_cnam, name) == 0) { if ((np->nat_stat & STAT_INUSE) &&
(strcmp(np->nat_cnam, name) == 0)) {
*result = i; *result = i;
return 0; return 0;
} }