Priority: HIGH
File: Src/checkX.c
Function: canseelogin()
Discovered: During unit testing of access control logic
Description: Function performs strcmp() without NULL checks on loginname global variable, potentially causing crashes if loginname is uninitialized.
Reproduction Steps:
- Set loginname global variable to NULL
- Set world.hide_login = 1
- Call canseelogin()
- Crashes due to strcmp(NULL, LOGIN)
Impact: Server crashes if loginname is not properly initialized, affecting system stability.
Proposed Fix: Add NULL safety checks:
int canseelogin(void) {
if (loginname == NULL) {
return 0; /* Fail safe - deny access if user unknown */
}
return (!world.hide_login ||
(strcmp(loginname, LOGIN) == 0) ||
(strcmp(loginname, world.demigod) == 0));
}Original Bug ID: BUG-002
Priority: HIGH
File: Src/checkX.c
Function: canseelogin()
Discovered: During unit testing of access control logic
Description: Function performs strcmp() without NULL checks on loginname global variable, potentially causing crashes if loginname is uninitialized.
Reproduction Steps:
Impact: Server crashes if loginname is not properly initialized, affecting system stability.
Proposed Fix: Add NULL safety checks:
Original Bug ID: BUG-002