
Merge branch 'fix-password-length' into maint

* fix-password-length:
  * Update help for 'rand' param for newpass/chpass
  * Update docs
  * Don't truncate password at MAXPASSLEN in msg_pass
  * Fix cmd_(chpass|newpass) truncating password at MAXPASSLEN
  * Don't truncate password at MAXPASSLEN when setting or assigning password
  * Don't truncate passwords at MAXPASSLEN when converting to new format
  * Don't truncate at MAXPASSLEN when comparing password to salted-sha1

Conflicts:
	doc/UPDATES
Bryan Drewery 14 éve
szülő
commit
41383d9f5d
7 módosított fájl, 24 hozzáadás és 41 törlés
  1. 1 0
      doc/UPDATES
  2. 19 29
      src/cmds.c
  3. 1 1
      src/misc.c
  4. 1 1
      src/misc.h
  5. 0 2
      src/mod/irc.mod/msgcmds.c
  6. 0 2
      src/userent.c
  7. 2 6
      src/userrec.c

+ 1 - 0
doc/UPDATES

@@ -6,6 +6,7 @@ maint
   * Update server list, 'set -yes servers -' and 'set -yes servers6 -' to get new list.
   * cmd_mns_user now accepts multiple users (fixes #77)
   * Permanent owners can no longer be removed via cmd_mns_user
+  * Fix various places incorrectly truncating passwords at 15 characters
 
 1.3.2 - http://wraith.botpack.net/milestone/1.3.2
   * Misc bug fixes

+ 19 - 29
src/cmds.c

@@ -504,34 +504,29 @@ static void cmd_back(int idx, char *par)
 static void cmd_newpass(int idx, char *par)
 {
   if (!par[0]) {
-    dprintf(idx, "Usage: newpass <newpassword>\n");
+    dprintf(idx, "Usage: newpass <newpassword|rand>\n");
     return;
   }
 
-  char *newpass = newsplit(&par), pass[MAXPASSLEN + 1] = "";
+  char *newpass = newsplit(&par), *pass = NULL;
 
   putlog(LOG_CMDS, "*", "#%s# newpass...", dcc[idx].nick);
 
   if (!strcmp(newpass, "rand")) {
+    pass = (char*)my_calloc(1, MAXPASSLEN + 1);
     make_rand_str(pass, MAXPASSLEN);
   } else {
-    if (strlen(newpass) < 6) {
-      dprintf(idx, "Please use at least 6 characters.\n");
+    if (!goodpass(newpass, idx, NULL)) {
       return;
-    } else {
-      strlcpy(pass, newpass, sizeof(pass));
     }
+    pass = strdup(newpass);
   }
-  if (strlen(pass) > MAXPASSLEN)
-    pass[MAXPASSLEN] = 0;
-
-  if (!goodpass(pass, idx, NULL))
-    return;
 
   set_user(&USERENTRY_PASS, dcc[idx].user, pass);
   dprintf(idx, "Changed your password to: %s\n", pass);
   if (conf.bot->hub)
     write_userfile(idx);
+  free(pass);
 }
 
 static void cmd_secpass(int idx, char *par)
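Review bot: The heap copy of the new password is released with a plain `free(pass);` at the end of cmd_newpass, which leaves the plaintext in freed memory; wipe it first with `OPENSSL_cleanse(pass, strlen(pass));`, as src/userrec.c already does for its own copies. The `strdup(newpass)` result is also unchecked: a NULL would reach `set_user(&USERENTRY_PASS, ..., pass)`, which the cmd_chpass context lines call with NULL to remove a password, and then the `%s` in dprintf, so add `if (!pass) return;` right after the strdup. Both points apply equally to the cmd_chpass hunk at `@@ -1253`. With the truncation gone, any upper bound on password length now depends on goodpass, whose body is not visible on this page.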
@@ -1238,7 +1233,7 @@ static void cmd_handle(int idx, char *par)
 static void cmd_chpass(int idx, char *par)
 {
   if (!par[0]) {
-    dprintf(idx, "Usage: chpass <handle> [password]\n");
+    dprintf(idx, "Usage: chpass <handle> [password|rand]\n");
     return;
   }
   char *handle = newsplit(&par);
@@ -1253,31 +1248,26 @@ static void cmd_chpass(int idx, char *par)
     set_user(&USERENTRY_PASS, u, NULL);
     dprintf(idx, "Removed password.\n");
   } else {
-    bool good = 0, randpass = 0;
-    char *newpass = newsplit(&par), pass[MAXPASSLEN + 1] = "";
-    size_t l = strlen(newpass);
+    bool randpass = 0;
+    char *newpass = newsplit(&par), *pass = NULL;
 
-    if (l > MAXPASSLEN)
-      newpass[MAXPASSLEN] = 0;
     if (!strcmp(newpass, "rand")) {
+      pass = (char*)my_calloc(1, MAXPASSLEN + 1);
       make_rand_str(pass, MAXPASSLEN);
       randpass = 1;
-      good = 1;
     } else {
-      if (goodpass(newpass, idx, NULL)) {
-        strlcpy(pass, newpass, sizeof(pass));
-        good = 1;
+      if (!goodpass(newpass, idx, NULL)) {
+        return;
       }
+      pass = strdup(newpass);
     }
-    if (strlen(pass) > MAXPASSLEN)
-      pass[MAXPASSLEN] = 0;
 
-    if (good) {
-      set_user(&USERENTRY_PASS, u, pass);
-      putlog(LOG_CMDS, "*", "#%s# chpass %s [%s]", dcc[idx].nick, handle, randpass ? "random" : "something");
-      dprintf(idx, "Password for '%s' changed to: %s\n", handle, pass);
-      write_userfile(idx);
-    }
+    set_user(&USERENTRY_PASS, u, pass);
+    putlog(LOG_CMDS, "*", "#%s# chpass %s [%s]", dcc[idx].nick, handle, randpass ? "random" : "something");
+    dprintf(idx, "Password for '%s' changed to: %s\n", handle, pass);
+    write_userfile(idx);
+
+    free(pass);
   }
 }
 

+ 1 - 1
src/misc.c

@@ -1042,7 +1042,7 @@ int bot_aggressive_to(struct userrec *u)
     return 0;
 }
 
-int goodpass(char *pass, int idx, char *nick)
+int goodpass(const char *pass, int idx, char *nick)
 {
   if (!pass[0]) 
     return 0;

+ 1 - 1
src/misc.h

@@ -23,7 +23,7 @@ void shuffleArray(char **, size_t);
 void showhelp(int, struct flag_record *, const char *);
 char *replace(const char *, const char *, const char *);
 char *replace_vars(char*);
-int goodpass(char *, int, char *);
+int goodpass(const char *, int, char *);
 int bot_aggressive_to(struct userrec *);
 void readsocks(const char *);
 int updatebin(int, char *, int);

+ 0 - 2
src/mod/irc.mod/msgcmds.c

@@ -105,8 +105,6 @@ static int msg_pass(char *nick, char *host, struct userrec *u, char *par)
   } else {
     mynew = old;
   }
-  if (strlen(mynew) > MAXPASSLEN)
-    mynew[MAXPASSLEN] = 0;
 
   if (!goodpass(mynew, 0, nick)) {
     putlog(LOG_CMDS, "*", "(%s!%s) !%s! $b!$bPASS...", nick, host, u->handle);

+ 0 - 2
src/userent.c

@@ -579,8 +579,6 @@ static bool pass_set(struct userrec *u, struct user_entry *e, void *buf)
     if (u->bot || (pass[0] == '+'))
       newpass = strdup(pass);
     else {
-      if (strlen(pass) > MAXPASSLEN)
-        pass[MAXPASSLEN] = 0;
       while (*p) {
         if ((*p <= 32) || (*p == 127))
           *p = '?';

+ 2 - 6
src/userrec.c

@@ -308,9 +308,6 @@ void convert_password(struct userrec *u)
     pass += 17;
     /* ----------------------------------------------------------------------- */
 
-    if (strlen(pass) > MAXPASSLEN)
-      pass[MAXPASSLEN] = 0;
-
     set_user(&USERENTRY_PASS, u, pass);
     OPENSSL_cleanse(passp, strlen(passp));
     free(passp);
@@ -343,13 +340,12 @@ int u_pass_match(struct userrec *u, const char *in)
     if (!strcmp(cmp, in))
       return 1;
   } else {
-    char pass[MAXPASSLEN + 1] = "";
-
-    strlcpy(pass, in, sizeof(pass));
+    char *pass = strdup(in), *pass_p = pass;
 
     /* Pass the salted pass in so the same salt can be used */
     int n = salted_sha1cmp(cmp, pass);
     OPENSSL_cleanse(pass, sizeof(pass));
+    free(pass_p);
     if (!n)
       return 1;
   }
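Review bot: `OPENSSL_cleanse(pass, sizeof(pass));` now wipes only `sizeof(char *)` bytes, because this hunk changes `pass` from an array to a pointer. A long password is left mostly uncleared, and on a 64-bit build an input of six characters or fewer makes the wipe write past the end of the strdup allocation. Record the length before the compare and use it: `size_t pass_len = strlen(pass);` then `OPENSSL_cleanse(pass, pass_len);`. The strdup result is also handed to salted_sha1cmp without a NULL check, and `pass_p` is redundant since `pass` is not reassigned in the lines shown. u_pass_match starts and ends outside the hunk.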