Bug: MD5 Password code has a serious memory flaw.
Danger: Critical - Will invalidate passwords under random circumstances.
Found by: Gatewaysysop
Fixed by: Samson
strncpy( passwd, ( const char * )digest, 16 );
strncpy( passwd, ( const char * )digest, 15 );
passwd = '';
While this may seem innocuous, there is actually a nasty memory problem lurking here. For those who may know, it should be fairly obvious. For those who don't, strncpy does not NULL terminate a string if the results of it's operation will consume the size specified. In this case, 16 bytes. All 16 bytes are generally occupied by the md5 algorithm, so the string is never properly terminated. So for safety, only 15 bytes will now be copied, and the 15th position of the array set to NULL. This guarantees no problems. This fix will not cause your already saved passwords to be invalidated.
A bit of explanation. Gatewaysysop noticed that his password was getting corrupted with junk data that should not have been there. It was most noticeable when using the formpass command to test with, but it was also clobbering the password pointer on his character data as well. He does his development work on Cygwin, with a modified base. This bug apparently did not seem to phase my Linux install and everything was working fine. However in the course of our investigating this issue, it was found to affect the FUSS packages without being modified. The circumstances which brought forth the bug were rather strange. Apparently somehow when objects get grouped, they do weirdness in memory, because only when displaying grouped objects, like "A sharp knife (3)" will this bug manifest.
It struck me that in AFKMud I use the strlcpy, note the L, not N, and there are no issues with the code as is. I was not able to reproduce any of the known conditions that could cause this. I realized that it must have been due to non-terminated strings and decided to play a hunch and see what happened. Terminating the string stopped the problem. It is not known for sure if this bug would have affected other platforms, or even just other versions of GCC. No sense in chancing it.
Chalk one up to those rare conditions or something.