Przeglądaj źródła

* Don't truncate password at MAXPASSLEN when setting or assigning password

Bryan Drewery 14 lat temu
rodzic
commit
20422b62f2
4 zmienionych plików z 9 dodań i 9 usunięć
  1. 7 5
      src/cmds.c
  2. 1 1
      src/misc.c
  3. 1 1
      src/misc.h
  4. 0 2
      src/userent.c

+ 7 - 5
src/cmds.c

@@ -508,30 +508,32 @@ static void cmd_newpass(int idx, char *par)
     return;
   }
 
-  char *newpass = newsplit(&par), pass[MAXPASSLEN + 1] = "";
+  char *newpass = newsplit(&par), *pass = NULL;
 
   putlog(LOG_CMDS, "*", "#%s# newpass...", dcc[idx].nick);
 
   if (!strcmp(newpass, "rand")) {
+    pass = (char*)my_calloc(1, MAXPASSLEN);
     make_rand_str(pass, MAXPASSLEN);
   } else {
     if (strlen(newpass) < 6) {
       dprintf(idx, "Please use at least 6 characters.\n");
       return;
     } else {
-      strlcpy(pass, newpass, sizeof(pass));
+      pass = strdup(newpass);
     }
   }
-  if (strlen(pass) > MAXPASSLEN)
-    pass[MAXPASSLEN] = 0;
 
-  if (!goodpass(pass, idx, NULL))
+  if (!goodpass(pass, idx, NULL)) {
+    free(pass);
     return;
+  }
 
   set_user(&USERENTRY_PASS, dcc[idx].user, pass);
   dprintf(idx, "Changed your password to: %s\n", pass);
   if (conf.bot->hub)
     write_userfile(idx);
+  free(pass);
 }
 
 static void cmd_secpass(int idx, char *par)

+ 1 - 1
src/misc.c

@@ -1042,7 +1042,7 @@ int bot_aggressive_to(struct userrec *u)
     return 0;
 }
 
-int goodpass(char *pass, int idx, char *nick)
+int goodpass(const char *pass, int idx, char *nick)
 {
   if (!pass[0]) 
     return 0;

+ 1 - 1
src/misc.h

@@ -23,7 +23,7 @@ void shuffleArray(char **, size_t);
 void showhelp(int, struct flag_record *, const char *);
 char *replace(const char *, const char *, const char *);
 char *replace_vars(char*);
-int goodpass(char *, int, char *);
+int goodpass(const char *, int, char *);
 int bot_aggressive_to(struct userrec *);
 void readsocks(const char *);
 int updatebin(int, char *, int);

+ 0 - 2
src/userent.c

@@ -579,8 +579,6 @@ static bool pass_set(struct userrec *u, struct user_entry *e, void *buf)
     if (u->bot || (pass[0] == '+'))
       newpass = strdup(pass);
     else {
-      if (strlen(pass) > MAXPASSLEN)
-        pass[MAXPASSLEN] = 0;
       while (*p) {
         if ((*p <= 32) || (*p == 127))
           *p = '?';