Ver código fonte

* Use salted_sha1cmp() for passowrd and cmdpass comparing

Bryan Drewery 16 anos atrás
pai
commit
75252f86c7
2 arquivos alterados com 3 adições e 10 exclusões
  1. 1 5
      src/dccutil.c
  2. 2 5
      src/userrec.c

+ 1 - 5
src/dccutil.c

@@ -1092,12 +1092,8 @@ int check_cmd_pass(const char *cmd, char *pass)
         return 1;
       }
 
-      epass = salted_sha1(pass, &(cp->pass)[1]);
-      if (!strcmp(epass, cp->pass)) {
-        free(epass);
+      if (!salted_sha1cmp(cp->pass, pass))
         return 1;
-      }
-      free(epass);
       return 0;
     }
   return 0;

+ 2 - 5
src/userrec.c

@@ -345,13 +345,10 @@ int u_pass_match(struct userrec *u, char *in)
     strlcpy(pass, in, sizeof(pass));
 
     /* Pass the salted pass in so the same salt can be used */
-    char* newpass = salted_sha1(pass, &cmp[1]);
+    int n = salted_sha1cmp(cmp, pass);
     OPENSSL_cleanse(pass, sizeof(pass));
-    if (!strcmp(cmp, newpass)) {
-      free(newpass);
+    if (!n)
       return 1;
-    }
-    free(newpass);
   }
   return 0;
 }