authorDavid Sommerseth <dazo@users.sourceforge.net>2009-09-15 21:47:52 +0200
committerDavid Sommerseth <dazo@users.sourceforge.net>2009-09-15 21:47:52 +0200
commit65c25eab6b3d4abfd3ead03a0f717223092e80ed (patch)
tree5f59671e3c6bc6f6fb519a11014707d534b46ce4 /common
parent21b591474d71a129988e3c11b616e417cadae052 (diff)
BUGFIX: saltlen was set to 0 when a buffer for a new salt was generated
This error caused eurephia_pwd_crypt() to fail, especially when salt length was requested to be longer. The solution was to retrieve the salt length before allocating memory for it.
Diffstat (limited to 'common')
-rw-r--r--common/passwd.c24
1 files changed, 12 insertions, 12 deletions
diff --git a/common/passwd.c b/common/passwd.c
index c3971f4..9e7dacb 100644
--- a/common/passwd.c
+++ b/common/passwd.c
@@ -460,7 +460,6 @@ char *eurephia_pwd_crypt(eurephiaCTX *ctx, const char *key, const char *salt) {
char *buffer = NULL, *result = NULL;
int buflen = (MAX_SALT_LEN + 20 + 1 + 86 + 1);
char saltinfo[20], saltstr[MAX_SALT_LEN+22]; // saltstr will also contain saltinfo
- int saltlen = 0;
static size_t maxrounds = 0;
static int srand_init = 0;
@@ -482,18 +481,18 @@ char *eurephia_pwd_crypt(eurephiaCTX *ctx, const char *key, const char *salt) {
if( salt == NULL ) {
// If we do not have salt, create salt info
- char tmp[saltlen+2];
- memset(&saltstr, 0, MAX_SALT_LEN+22);
- memset(&tmp, 0, saltlen+2);
- int minrounds = 0, rounds = ROUNDS_DEFAULT_MAX, loop = 0;
+ char *tmp = NULL;
+ int minrounds = 0, rounds = ROUNDS_DEFAULT_MAX, loop = 0, saltlen = 0;
+ // Get current salt length
+ saltlen = defaultIntValue(atoi_nullsafe(eGet_value(ctx->dbc->config,
+ "passwordhash_salt_length")),
+ DEFAULT_SALT_LEN);
- if( saltlen == 0 ) {
- // Get current salt length
- saltlen = defaultIntValue(atoi_nullsafe(eGet_value(ctx->dbc->config,
- "passwordhash_salt_length")),
- DEFAULT_SALT_LEN);
- }
+ tmp = malloc_nullsafe(ctx, saltlen+2);
+ assert(tmp != NULL);
+ memset(tmp, 0, saltlen+2);
+ memset(&saltstr, 0, MAX_SALT_LEN+22);
// Get default min rounds for hashing
minrounds = defaultIntValue(atoi_nullsafe(eGet_value(ctx->dbc->config, "passwordhash_rounds_min")),
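Review bot: The salt length read from `passwordhash_salt_length` goes straight into `malloc_nullsafe(ctx, saltlen+2)` and `memset(tmp, 0, saltlen+2)` with no range check visible in this hunk, while `saltstr` stays fixed at `MAX_SALT_LEN+22` bytes. A configured value that is negative or larger than `MAX_SALT_LEN` would give a bad allocation size here and an oversized `strncat` into `saltstr` in the third hunk, and a value shorter than the packed salt info makes `saltlen - strlen(saltinfo)` wrap as an unsigned size. Unless the lines outside the hunk already do so, I would clamp right after the lookup, e.g. `if( saltlen < 1 || saltlen > MAX_SALT_LEN ) { saltlen = DEFAULT_SALT_LEN; }`, with a lower bound that also covers the salt info length. If `malloc_nullsafe` can return NULL, `assert(tmp != NULL)` disappears under `NDEBUG`, so an explicit check that returns NULL would be safer than the assert.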
@@ -521,7 +520,8 @@ char *eurephia_pwd_crypt(eurephiaCTX *ctx, const char *key, const char *salt) {
pack_saltinfo(saltinfo, 18, rounds, saltlen, key);
strncpy(saltstr, saltinfo, strlen(saltinfo));
strncat(saltstr, tmp, saltlen - strlen(saltinfo));
- memset(&tmp, 0, saltlen+2);
+ memset(tmp, 0, saltlen+2);
+ free_nullsafe(ctx, tmp);
} else {
// If we have a salt, use it
snprintf(saltstr, MAX_SALT_LEN+20, "%s%c", salt, 0);
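Review bot: The `memset(tmp, 0, saltlen+2)` placed directly before `free_nullsafe(ctx, tmp)` is a dead store that an optimising compiler is allowed to drop, so the wipe may not happen in release builds. If clearing the generated salt matters, use a wipe the compiler cannot elide, for instance `explicit_bzero(tmp, saltlen+2);` where the platform provides it. The code between the allocation and this release is outside the hunk; now that `tmp` is heap memory rather than a stack array, any early exit in that stretch needs its own `free_nullsafe(ctx, tmp)` to avoid a leak.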