Bläddra i källkod

* Fucking auth was broken, should be fixed now.

svn: 366
Bryan Drewery 22 år sedan
förälder
incheckning
154f8ce976
3 ändrade filer med 8 tillägg och 8 borttagningar
  1. 2 2
      src/auth.c
  2. 5 5
      src/dcc.c
  3. 1 1
      src/mod/irc.mod/msgcmds.c

+ 2 - 2
src/auth.c

@@ -89,8 +89,8 @@ char *makehash(struct userrec *u, char *rand)
 {
   MD5_CTX ctx;
   unsigned char md5out[MD5_HASH_LENGTH + 1];
-  char md5string[MD5_HASH_LENGTH + 1], hash[500], *ret = NULL;
-  sprintf(hash, "%s%s%s", rand, (char *) get_user(&USERENTRY_SECPASS, u), authkey ? authkey : "");
+  char md5string[MD5_HASH_LENGTH + 1], hash[256], *ret = NULL;
+  sprintf(hash, "%s%s%s", rand, (char *) get_user(&USERENTRY_SECPASS, u), authkey[0] ? authkey : "");
   MD5_Init(&ctx);
   MD5_Update(&ctx, hash, strlen(hash));
   MD5_Final(md5out, &ctx);

+ 5 - 5
src/dcc.c

@@ -595,14 +595,15 @@ struct dcc_table DCC_FORK_BOT =
 static void dcc_chat_secpass(int idx, char *buf, int atr)
 {
 #ifdef S_AUTH
-  char *check;
+  char check[MD5_HASH_LENGTH + 7];
 
   if (!atr)
     return;
   strip_telnet(dcc[idx].sock, buf, &atr);
   atr = dcc[idx].user ? dcc[idx].user->flags : 0;
-  check = nmalloc(strlen(dcc[idx].hash) + 6 + 1);
-  sprintf(check, "+Auth %s", dcc[idx].hash);
+  check[0] = 0;
+  snprintf(check, sizeof check, "+Auth %s", dcc[idx].hash);
+  check[MD5_HASH_LENGTH + 6] = 0;
 
   if (!strcmp(check, buf)) {
 //+secpass
@@ -645,7 +646,6 @@ static void dcc_chat_secpass(int idx, char *buf, int atr)
       lostdcc(idx);
     }
   }
-  nfree(check);
 #endif /* S_AUTH */
 }
 struct dcc_table DCC_CHAT_SECPASS;
@@ -678,7 +678,7 @@ static void dcc_chat_pass(int idx, char *buf, int atr)
     char rand[51];
 
     make_rand_str(rand, 50);
-    strcpy(dcc[idx].hash, makehash(dcc[idx].user, rand));
+    strncpyz(dcc[idx].hash, makehash(dcc[idx].user, rand), sizeof dcc[idx].hash);
     dcc[idx].type = &DCC_CHAT_SECPASS;
     dcc[idx].timeval = now;
     dprintf(idx, "-Auth %s %s\n", rand, botnetnick);

+ 1 - 1
src/mod/irc.mod/msgcmds.c

@@ -201,7 +201,7 @@ static int msg_auth(char *nick, char *host, struct userrec *u, char *par)
       auth[i].authing = 2;      
       auth[i].user = u;
       make_rand_str(rand, 50);
-      strcpy(auth[i].hash, makehash(u, rand));
+      strncpyz(auth[i].hash, makehash(u, rand), sizeof auth[i].hash);
       dprintf(DP_HELP, "PRIVMSG %s :-Auth %s %s\n", nick, rand, botnetnick);
     }
   } else {