Mercurial > dovecot > core-2.2
changeset 1738:ec90bae6f20a HEAD
Removed strcat stuff and did some minor tweaks.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 25 Aug 2003 10:10:29 +0300 |
parents | b94a21f18a13 |
children | c9026bb73dae |
files | src/auth/md5crypt.c |
diffstat | 1 files changed, 30 insertions(+), 29 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/md5crypt.c Mon Aug 25 06:02:49 2003 +0300 +++ b/src/auth/md5crypt.c Mon Aug 25 10:10:29 2003 +0300 @@ -16,6 +16,8 @@ */ #include "lib.h" +#include "safe-memset.h" +#include "str.h" #include "md5.h" #include "md5crypt.h" @@ -30,10 +32,10 @@ */ static void -to64(char *s, unsigned long v, int n) +to64(string_t *str, unsigned long v, int n) { while (--n >= 0) { - *s++ = itoa64[v&0x3f]; + str_append_c(str, itoa64[v&0x3f]); v >>= 6; } } @@ -47,19 +49,20 @@ const char * md5_crypt(const char *pw, const char *salt) { - char passwd[120], *p; const char *sp,*ep; unsigned char final[16]; int sl,pl,i,j; struct md5_context ctx,ctx1; unsigned long l; + string_t *passwd; + size_t pw_len = strlen(pw); /* Refine the Salt first */ sp = salt; /* If it starts with the magic string, then skip that */ - if(!strncmp(sp,magic,strlen(magic))) - sp += strlen(magic); + if (strncmp(sp, magic, sizeof(magic)-1) == 0) + sp += sizeof(magic)-1; /* It stops at the first '$', max 8 chars */ for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++) @@ -71,37 +74,38 @@ md5_init(&ctx); /* The password first, since that is what is most unknown */ - md5_update(&ctx,pw,strlen(pw)); + md5_update(&ctx,pw,pw_len); /* Then our magic string */ - md5_update(&ctx,magic,strlen(magic)); + md5_update(&ctx,magic,sizeof(magic)-1); /* Then the raw salt */ md5_update(&ctx,sp,sl); /* Then just as many characters of the MD5(pw,salt,pw) */ md5_init(&ctx1); - md5_update(&ctx1,pw,strlen(pw)); + md5_update(&ctx1,pw,pw_len); md5_update(&ctx1,sp,sl); - md5_update(&ctx1,pw,strlen(pw)); + md5_update(&ctx1,pw,pw_len); md5_final(&ctx1,final); - for(pl = strlen(pw); pl > 0; pl -= 16) + for(pl = pw_len; pl > 0; pl -= 16) md5_update(&ctx,final,pl>16 ? 16 : pl); /* Don't leave anything around in vm they could use. */ - memset(final,0,sizeof final); + safe_memset(final, 0, sizeof(final)); /* Then something really weird... */ - for (j=0,i = strlen(pw); i ; i >>= 1) + for (j=0,i = pw_len; i ; i >>= 1) if(i&1) md5_update(&ctx, final+j, 1); else md5_update(&ctx, pw+j, 1); /* Now make the output string */ - strcpy(passwd,magic); - strncat(passwd,sp,sl); - strcat(passwd,"$"); + passwd = t_str_new(sl + 64); + str_append(passwd, magic); + str_append_n(passwd, sp, sl); + str_append_c(passwd, '$'); md5_final(&ctx,final); @@ -113,7 +117,7 @@ for(i=0;i<1000;i++) { md5_init(&ctx1); if(i & 1) - md5_update(&ctx1,pw,strlen(pw)); + md5_update(&ctx1,pw,pw_len); else md5_update(&ctx1,final,16); @@ -121,27 +125,24 @@ md5_update(&ctx1,sp,sl); if(i % 7) - md5_update(&ctx1,pw,strlen(pw)); + md5_update(&ctx1,pw,pw_len); if(i & 1) md5_update(&ctx1,final,16); else - md5_update(&ctx1,pw,strlen(pw)); + md5_update(&ctx1,pw,pw_len); md5_final(&ctx1,final); } - p = passwd + strlen(passwd); - - l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4; - l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4; - l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4; - l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4; - l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4; - l = final[11] ; to64(p,l,2); p += 2; - *p = '\0'; + l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(passwd,l,4); + l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(passwd,l,4); + l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(passwd,l,4); + l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(passwd,l,4); + l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(passwd,l,4); + l = final[11] ; to64(passwd,l,2); /* Don't leave anything around in vm they could use. */ - memset(final,0,sizeof final); + safe_memset(final, 0, sizeof(final)); - return t_strdup(passwd); + return str_c(passwd); }