authorkcwu <kcwu@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2003-06-26 10:25:40 +0800
committerkcwu <kcwu@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2003-06-26 10:25:40 +0800
commit166a3e6260ee97ab891ee99170ffc544c409f346 (patch)
tree33e3077155dd70e123e6b108638eda61d16a569c
parent27ad27c7b1cee0ad4e7a8121efeb8b946ec021d5 (diff)
always clear plaintext password in memory after checking
code clean up git-svn-id: http://opensvn.csie.org/pttbbs/pttbbs/trunk/pttbbs@972 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
-rw-r--r--mbbsd/register.c21
1 files changed, 12 insertions, 9 deletions
diff --git a/mbbsd/register.c b/mbbsd/register.c
index 63aa579f..51880eb7 100644
--- a/mbbsd/register.c
+++ b/mbbsd/register.c
@@ -1,9 +1,7 @@
-/* $Id: register.c,v 1.12 2003/06/19 15:49:07 bbs Exp $ */
+/* $Id: register.c,v 1.13 2003/06/26 02:25:40 kcwu Exp $ */
#define _XOPEN_SOURCE
#include "bbs.h"
-/* password encryption */
-static char pwbuf[14];
char *
genpasswd(char *pw)
@@ -24,20 +22,25 @@ genpasswd(char *pw)
c += 6;
saltc[i] = c;
}
- strlcpy(pwbuf, pw, sizeof(pwbuf));
- return crypt(pwbuf, saltc);
+ return crypt(pw, saltc);
}
return "";
}
+// NOTE it will clean string in "plain"
int
-checkpasswd(char *passwd, char *test)
+checkpasswd(char *passwd, char *plain)
{
+ int ok;
char *pw;
- strncpy(pwbuf, test, 14);
- pw = crypt(pwbuf, passwd);
- return (!strncmp(pw, passwd, 14));
+ ok = 0;
+ pw = crypt(plain, passwd);
+ if(pw && strcmp(pw, passwd)==0)
+ ok = 1;
+ memset(plain, 0, strlen(plain));
+
+ return ok;
}
/* Àˬd user µù¥U±¡ªp */
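Review bot: The wipe added in checkpasswd, `memset(plain, 0, strlen(plain));`, is an ordinary store, so an optimizing compiler that inlines the call and sees the caller's buffer is never read again may drop it; where the platform provides it, `explicit_bzero(plain, strlen(plain));` keeps the clear in place. The wipe also covers only the checking path: genpasswd now passes `pw` straight to crypt() and returns without clearing it, so the caller still holds a live plaintext copy (genpasswd's body starts outside the hunk, so earlier handling is not visible). `return crypt(pw, saltc);` forwards a NULL result unchecked, unlike the `if(pw && ...)` guard added in checkpasswd, and whether genpasswd's callers cope with NULL cannot be seen from here. The `// NOTE` line would be clearer as `/* Zeroes the caller's buffer 'plain' before returning; callers must not reuse it afterwards. */`.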