From 65c25eab6b3d4abfd3ead03a0f717223092e80ed Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Tue, 15 Sep 2009 21:47:52 +0200 Subject: BUGFIX: saltlen was set to 0 when a buffer for a new salt was generated This error caused eurephia_pwd_crypt() to fail, especially when salt length was requested to be longer. The solution was to retrieve the salt length before allocating memory for it. --- common/passwd.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'common') diff --git a/common/passwd.c b/common/passwd.c index c3971f4..9e7dacb 100644 --- a/common/passwd.c +++ b/common/passwd.c @@ -460,7 +460,6 @@ char *eurephia_pwd_crypt(eurephiaCTX *ctx, const char *key, const char *salt) { char *buffer = NULL, *result = NULL; int buflen = (MAX_SALT_LEN + 20 + 1 + 86 + 1); char saltinfo[20], saltstr[MAX_SALT_LEN+22]; // saltstr will also contain saltinfo - int saltlen = 0; static size_t maxrounds = 0; static int srand_init = 0; @@ -482,18 +481,18 @@ char *eurephia_pwd_crypt(eurephiaCTX *ctx, const char *key, const char *salt) { if( salt == NULL ) { // If we do not have salt, create salt info - char tmp[saltlen+2]; - memset(&saltstr, 0, MAX_SALT_LEN+22); - memset(&tmp, 0, saltlen+2); - int minrounds = 0, rounds = ROUNDS_DEFAULT_MAX, loop = 0; + char *tmp = NULL; + int minrounds = 0, rounds = ROUNDS_DEFAULT_MAX, loop = 0, saltlen = 0; + // Get current salt length + saltlen = defaultIntValue(atoi_nullsafe(eGet_value(ctx->dbc->config, + "passwordhash_salt_length")), + DEFAULT_SALT_LEN); - if( saltlen == 0 ) { - // Get current salt length - saltlen = defaultIntValue(atoi_nullsafe(eGet_value(ctx->dbc->config, - "passwordhash_salt_length")), - DEFAULT_SALT_LEN); - } + tmp = malloc_nullsafe(ctx, saltlen+2); + assert(tmp != NULL); + memset(tmp, 0, saltlen+2); + memset(&saltstr, 0, MAX_SALT_LEN+22); // Get default min rounds for hashing minrounds = defaultIntValue(atoi_nullsafe(eGet_value(ctx->dbc->config, "passwordhash_rounds_min")), 
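Review bot: `saltlen` is taken from the `passwordhash_salt_length` config value and passed straight to `malloc_nullsafe(ctx, saltlen+2)` with no range check in this hunk. `saltstr` is still the fixed `char saltstr[MAX_SALT_LEN+22]`, and the following hunk appends up to `saltlen - strlen(saltinfo)` bytes to it with `strncat`, so a configured length above `MAX_SALT_LEN`, or a negative one, could overrun it. The lines between the two hunks are not shown and may already clamp the value; if they do not, add `if( saltlen < 1 || saltlen > MAX_SALT_LEN ) { saltlen = DEFAULT_SALT_LEN; }` right after the lookup. Separately, `assert(tmp != NULL)` is compiled out under `NDEBUG`, so if `malloc_nullsafe` can return NULL the failure should be handled explicitly, for example `if( tmp == NULL ) { return NULL; }`, provided callers of `eurephia_pwd_crypt()` accept a NULL result. The function body starts and ends outside this hunk.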
@@ -521,7 +520,8 @@ char *eurephia_pwd_crypt(eurephiaCTX *ctx, const char *key, const char *salt) { pack_saltinfo(saltinfo, 18, rounds, saltlen, key); strncpy(saltstr, saltinfo, strlen(saltinfo)); strncat(saltstr, tmp, saltlen - strlen(saltinfo)); - memset(&tmp, 0, saltlen+2); + memset(tmp, 0, saltlen+2); + free_nullsafe(ctx, tmp); } else { // If we have a salt, use it snprintf(saltstr, MAX_SALT_LEN+20, "%s%c", salt, 0); -- cgit
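Review bot: The `memset(tmp, 0, saltlen+2);` placed directly before `free_nullsafe(ctx, tmp);` is a store to memory that is never read again, so an optimizing compiler may drop it and leave the generated salt bytes on the heap. If the scrub is intended, use a wipe the optimizer must keep, such as `explicit_bzero(tmp, saltlen+2);` where the platform provides it, or a write loop through a `volatile char *`. Since `tmp` is now heap memory rather than a stack array, any early `return` between the allocation in the previous hunk and this `free_nullsafe` would also leak it. Those lines are outside the diff, so that path needs checking against the full function.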