fix: security fixes (#1974)

* fix: security fixes

dont print passwords for worlds
bound strings from clients
actually enable encryption between rakpeers
dont allow underflow when reading a string

Tested that packets are encrypted
tested that models can still be built
tested that combat still works

* add check

* use c++ nullptr instead of NULL

* initialize to 0

* globalize constant (should be in a namespace at least in the future)

* Update GameMessages.cpp

* check bounds

dMasterServer/InstanceManager.cpp

@@ -308,7 +308,7 @@ const InstancePtr& InstanceManager::FindPrivateInstance(const std::string& passw
 			continue;
 		}
 
-		LOG("Password: %s == %s => %d", password.c_str(), instance->GetPassword().c_str(), password == instance->GetPassword());
+		LOG("Checking private zone password match (result: %d)", password == instance->GetPassword());
 
 		if (instance->GetPassword() == password) {
 			return instance;

dMasterServer/MasterServer.cpp

@@ -720,7 +720,7 @@ void HandlePacket(Packet* packet) {
 				password += character;
 			}
 			const auto& newInst = Game::im->CreatePrivateInstance(mapId, cloneId, password.c_str());
-			LOG("Creating private zone %i/%i/%i with password %s", newInst->GetMapID(), newInst->GetCloneID(), newInst->GetInstanceID(), password.c_str());
+			LOG("Creating private zone %i/%i/%i", newInst->GetMapID(), newInst->GetCloneID(), newInst->GetInstanceID());
 
 			break;
 		}
@@ -747,7 +747,7 @@ void HandlePacket(Packet* packet) {
 
 			const auto& instance = Game::im->FindPrivateInstance(password.c_str());
 
-			LOG("Join private zone: %llu %d %s %p", requestID, mythranShift, password.c_str(), instance.get());
+			LOG("Join private zone: %llu %d %p", requestID, mythranShift, instance.get());
 
 			if (instance == nullptr) {
 				return;