Only check salt for having correct prefix rather being full hash

wesnoth · Feb 12, 2018 · 3db8cb2 · 3db8cb2
1 parent 5f6a449
commit 3db8cb2
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/src/game_initialization/multiplayer.cpp b/src/game_initialization/multiplayer.cpp
@@ -271,7 +271,7 @@ std::pair<wesnothd_connection_ptr, config> open_connection(std::string host)
 								throw wesnothd_error(_("Bad data received from server"));
 							}
 
-							if(utils::md5::is_valid_hash(salt)) {
+							if(utils::md5::is_valid_prefix(salt)) {
 								sp["password"] = utils::md5(utils::md5(password, utils::md5::get_salt(salt),
 									utils::md5::get_iteration_count(salt)).base64_digest(), salt.substr(12, 8)).base64_digest();
 							} else if(utils::bcrypt::is_valid_prefix(salt)) {

diff --git a/src/hash.cpp b/src/hash.cpp
@@ -84,9 +84,14 @@ std::string md5::get_salt(const std::string& hash) {
 	return hash.substr(4,8);
 }
 
+bool md5::is_valid_prefix(const std::string& hash)
+{
+	return hash.substr(0,3) == hash_prefix;
+}
+
 bool md5::is_valid_hash(const std::string& hash) {
 	if(hash.size() != 34) return false;
-	if(hash.substr(0,3) != hash_prefix) return false;
+	if(!is_valid_prefix(hash)) return false;
 
 	const int iteration_count = get_iteration_count(hash);
 	if(iteration_count < 7 || iteration_count > 30) return false;

diff --git a/src/hash.hpp b/src/hash.hpp
@@ -52,6 +52,7 @@ class md5 : public hash_digest<16>
 public:
 	static int get_iteration_count(const std::string& hash);
 	static std::string get_salt(const std::string& hash);
+	static bool is_valid_prefix(const std::string& hash);
 	static bool is_valid_hash(const std::string& hash);
 	explicit md5(const std::string& input);
 	md5(const std::string& input, const std::string& salt, int iteration_count = 10);