iarv/znc
1
0
Fork 0
mirror of https://github.com/znc/znc.git synced 2026-05-03 03:52:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add CUtils::SaltedHash() for doing salted hashes and do some cleanup

Browse Source 
The stuff in CUtils::GetHashPass() and CUtils::GetSaltedHashPass() shouldn't
hurt, since we don't do such stuff in other places for passwords either.

This should improve the readability of the code a lot.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1324 726aef4b-f618-498e-8847-2d620e286838
This commit is contained in:
psychon
2009-01-08 15:57:32 +00:00
parent efcbf7884f
commit a3169af5bd
5 changed files with 19 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
Utils.cpp
View File

@@ -166,29 +166,16 @@ unsigned long CUtils::GetLongIP(const CString& sIP) {
CString CUtils::GetHashPass() {
while (true) {
char* pass = CUtils::GetPass("Enter Password");
char* pass1 = (char*) malloc(strlen(pass) +1);
strcpy(pass1, pass); // Make a copy of this since it is stored in a static buffer and will be overwritten when we fill pass2 below
memset((char*) pass, 0, strlen(pass)); // null out our pass so it doesn't sit in memory
char* pass2 = CUtils::GetPass("Confirm Password");
int iLen = strlen(pass1);
CString pass1 = CUtils::GetPass("Enter Password");
CString pass2 = CUtils::GetPass("Confirm Password");
if (strcmp(pass1, pass2) != 0) {
if (!pass1.Equals(pass2, true)) {
CUtils::PrintError("The supplied passwords did not match");
} else if (!iLen) {
} else if (pass1.empty()) {
CUtils::PrintError("You can not use an empty password");
} else {
CString sRet((const char*) CMD5(pass1, iLen));
memset((char*) pass1, 0, iLen); // null out our pass so it doesn't sit in memory
memset((char*) pass2, 0, strlen(pass2)); // null out our pass so it doesn't sit in memory
free(pass1);
return sRet;
return pass1.MD5();
}
memset((char*) pass1, 0, iLen); // null out our pass so it doesn't sit in memory
memset((char*) pass2, 0, strlen(pass2)); // null out our pass so it doesn't sit in memory
free(pass1);
}
return "";
@@ -196,43 +183,19 @@ CString CUtils::GetHashPass() {
CString CUtils::GetSaltedHashPass(CString& sSalt) {
sSalt = GetSalt();
unsigned int uiSaltLength = sSalt.length();
const char *pSalt = sSalt.c_str();
while (true) {
char* pass = CUtils::GetPass("Enter Password");
char* pass1 = (char *) malloc(strlen(pass) + 1);
// Make a copy of this since it is stored in a static buffer and will be overwritten when we fill pass2 below
strcpy(pass1, pass);
// null out our pass so it doesn't sit in memory
memset(pass, 0, strlen(pass));
char* pass2 = CUtils::GetPass("Confirm Password");
int iLen = strlen(pass1);
CString pass1 = CUtils::GetPass("Enter Password");
CString pass2 = CUtils::GetPass("Confirm Password");
if (strcmp(pass1, pass2) != 0) {
if (!pass1.Equals(pass2, true)) {
CUtils::PrintError("The supplied passwords did not match");
} else if (!iLen) {
} else if (pass1.empty()) {
CUtils::PrintError("You can not use an empty password");
} else {
// Construct the salted pass
char *salted_pass = (char *) malloc(iLen + uiSaltLength + 1);
strcpy(salted_pass, pass1);
strcpy(salted_pass + iLen, pSalt);
CString sRet((const char*) CMD5(salted_pass, iLen + uiSaltLength));
// null out our pass so it doesn't sit in memory
memset(salted_pass, 0, iLen + uiSaltLength);
memset(pass1, 0, iLen);
memset(pass2, 0, strlen(pass2));
free(salted_pass);
free(pass1);
return sRet;
return SaltedHash(pass1, sSalt);
}
memset((char*) pass1, 0, iLen); // null out our pass so it doesn't sit in memory
memset((char*) pass2, 0, strlen(pass2)); // null out our pass so it doesn't sit in memory
free(pass1);
}
return "";
@@ -242,6 +205,10 @@ CString CUtils::GetSalt() {
return CString::RandomString(20);
}
CString CUtils::SaltedHash(const CString& sPass, const CString& sSalt) {
return CString(sPass + sSalt).MD5();
}
char* CUtils::GetPass(const CString& sPrompt) {
PrintPrompt(sPrompt);
return getpass("");