+2004-11-07 Michael Poole <mdpoole@troilus.org>
+
+ * include/ircd_crypt.h (ircd_crypt): This should return char*, not
+ const char*, since it does not own the returned pointer.
+
+ * ircd/ircd_crypt.c (ircd_crypt): Change return type.
+
+ * ircd/ircd_crypt_smd5.c (irc_crypt_smd5): Make passwd a static
+ field since it is returned but this function must own the buffer.
+
+ * ircd/m_oper.c (oper_password_match): Free the string returned by
+ ircd_crypt().
+
+ * ircd/engine_epoll.c (engine_loop): Fix a memory leak.
+
2004-11-07 Michael Poole <mdpoole@troilus.org>
* acinclude.m4: Look for a 64-bit integer type.
/* exported functions */
extern void ircd_crypt_init(void);
-extern const char* ircd_crypt(const char* key, const char* salt);
+extern char* ircd_crypt(const char* key, const char* salt);
extern int ircd_crypt_register_mech(crypt_mech_t* mechanism);
extern int ircd_crypt_unregister_mech(crypt_mech_t* mechanism);
}
timer_run();
}
+ MyFree(events);
}
/** Descriptor for dpoll event engine. */
/** Wrapper for generating a hashed password passed on the supplied password
* @param key Pointer to the password we want crypted
* @param salt Pointer to the password we're comparing to (for the salt)
- * @return Pointer to the generated password.
- *
+ * @return Pointer to the generated password (must be MyFree()'d).
+ *
* This is a wrapper function which attempts to establish the password
- * format and funnel it off to the correct mechanism handler function. The
+ * format and funnel it off to the correct mechanism handler function. The
* returned password is compared in the oper_password_match() routine.
*/
-const char* ircd_crypt(const char* key, const char* salt)
+char* ircd_crypt(const char* key, const char* salt)
{
char *hashed_pass = NULL;
const char *temp_hashed_pass, *mysalt;
const char* ircd_crypt_smd5(const char* key, const char* salt)
{
const char *magic = "$1$";
-char *passwd, *p;
+static char passwd[120];
+char *p;
const char *sp, *ep;
unsigned char final[16];
int sl, pl, i, j;
/* Refine the Salt first */
ep = sp = salt;
- if(NULL == (passwd = (char *)MyMalloc(120)))
- return NULL;
-
- memset(passwd, 0, 120);
-
for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
continue;
else
MD5Update(&ctx, (unsigned const char *)key+j, 1);
- /* Now make the output string
- strcpy(passwd, magic);
- strncat(passwd, sp, sl); */
+ /* Now make the output string. */
+ memset(passwd, 0, 120);
strncpy(passwd, sp, sl);
strcat(passwd, "$");
#include "client.h"
#include "hash.h"
#include "ircd.h"
+#include "ircd_alloc.h"
#include "ircd_features.h"
#include "ircd_log.h"
#include "ircd_reply.h"
int oper_password_match(const char* to_match, const char* passwd)
{
+ char *crypted;
+ int res;
/*
* use first two chars of the password they send in as salt
*
/* we no longer do a CRYPT_OPER_PASSWORD check because a clear
text passwords just handled by a fallback mechanism called
crypt_clear if it's enabled -- hikari */
- to_match = ircd_crypt(to_match, passwd);
+ crypted = ircd_crypt(to_match, passwd);
if (to_match == NULL)
return 0;
- else
- return (0 == strcmp(to_match, passwd));
+ res = strcmp(crypted, passwd);
+ MyFree(crypted);
+ return 0 == res;
}
/*