authorkcwu <kcwu@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2003-06-26 10:25:40 +0800
committerkcwu <kcwu@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2003-06-26 10:25:40 +0800
commita317253f12deeeb4e262c9d34865ac0013ef4c15 (patch)
treedea65d0690bb58b1249cddff5e7a95206cf4ae83
parent0424e0c7f04fb43d3185a19bfd3ac415510728a2 (diff)
always clear plaintext password in memory after checking
code clean up git-svn-id: http://opensvn.csie.org/pttbbs/pttbbs/trunk@972 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
-rw-r--r--pttbbs/mbbsd/register.c21
1 files changed, 12 insertions, 9 deletions
diff --git a/pttbbs/mbbsd/register.c b/pttbbs/mbbsd/register.c
index 63aa579f..51880eb7 100644
--- a/pttbbs/mbbsd/register.c
+++ b/pttbbs/mbbsd/register.c
@@ -1,9 +1,7 @@
-/* $Id: register.c,v 1.12 2003/06/19 15:49:07 bbs Exp $ */
+/* $Id: register.c,v 1.13 2003/06/26 02:25:40 kcwu Exp $ */
#define _XOPEN_SOURCE
#include "bbs.h"
-/* password encryption */
-static char pwbuf[14];
char *
genpasswd(char *pw)
@@ -24,20 +22,25 @@ genpasswd(char *pw)
c += 6;
saltc[i] = c;
}
- strlcpy(pwbuf, pw, sizeof(pwbuf));
- return crypt(pwbuf, saltc);
+ return crypt(pw, saltc);
}
return "";
}
+// NOTE it will clean string in "plain"
int
-checkpasswd(char *passwd, char *test)
+checkpasswd(char *passwd, char *plain)
{
+ int ok;
char *pw;
- strncpy(pwbuf, test, 14);
- pw = crypt(pwbuf, passwd);
- return (!strncmp(pw, passwd, 14));
+ ok = 0;
+ pw = crypt(plain, passwd);
+ if(pw && strcmp(pw, passwd)==0)
+ ok = 1;
+ memset(plain, 0, strlen(plain));
+
+ return ok;
}
/* Àˬd user µù¥U±¡ªp */
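Review bot: The wipe at the end of `checkpasswd`, `memset(plain, 0, strlen(plain));`, has two limits that the commit does not address. A compiler may drop a store to memory it can prove is never read again (for instance once the function is inlined into a caller whose buffer then goes out of scope), so a wipe the optimizer is not allowed to remove is safer, e.g. `explicit_bzero(plain, strlen(plain));` where the platform provides it. Because the length comes from `strlen`, only the bytes up to the first NUL are cleared; anything the caller's input buffer holds past that point stays in memory, so callers that know the buffer size should still clear the whole buffer. The one-line `// NOTE` comment could also state that `plain` must point to writable storage and is empty after the call, since the function now modifies its argument.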