From 035c84b67db2880c59218ad70c9ab91a577ff16e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomasz=20=C5=9Aniatowski?= <kailoran@gmail.com>
Date: Sat, 12 Dec 2009 17:56:16 +0100
Subject: [PATCH] do not trust the server-returned salt string to be 12 or more
 chars,

...avoiding a crash when a 1.7 client connects to a 1.6 server
---
 src/multiplayer.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/multiplayer.cpp b/src/multiplayer.cpp
index a0fffcdda76..4b29e3895e2 100644
--- a/src/multiplayer.cpp
+++ b/src/multiplayer.cpp
@@ -251,6 +251,11 @@ static server_type open_connection(game_display& disp, const std::string& origin
 
 								const std::string salt = (*error)["salt"];
 
+								if (salt.length() < 12) {
+									//TODO gettextify after end of stringfreeze
+									throw network::error("Bad data received from server");
+								}
+
 								sp["password"] = util::create_hash(util::create_hash(password, util::get_salt(salt),
 										util::get_iteration_count(salt)), salt.substr(12, 8));