| author | Wilmer van der Gaast <wilmer@gaast.net> | 2006-06-19 13:52:34 +0200 | 
|---|---|---|
| committer | Wilmer van der Gaast <wilmer@gaast.net> | 2006-06-19 13:52:34 +0200 | 
| commit | d028a77c97eeccc8d1345af008e2d8920116b637 (patch) | |
| tree | a89fbed533dbc7d04ceb1767ca3160685f5f50ed | |
| parent | d28f3b35855c8f8de0be9589334004b30d1ac394 (diff) | |
Better detection of incorrect MD5 password hashes.
| -rw-r--r-- | storage_xml.c | 28 | 
1 files changed, 16 insertions, 12 deletions
|
diff --git a/storage_xml.c b/storage_xml.c
index 12afe472..ff8f1351 100644
--- a/storage_xml.c
+++ b/storage_xml.c
@@ -85,31 +85,35 @@ static void xml_start_element( GMarkupParseContext *ctx, const gchar *element_na
 		{
 			md5_byte_t pass_md5[16];
 			md5_state_t md5_state;
-			int pass_match, i, j;
+			int i, j;
 			md5_init( &md5_state );
-			md5_append( &md5_state, xd->given_pass, strlen( xd->given_pass ) );
+			md5_append( &md5_state, (md5_byte_t*) xd->given_pass, strlen( xd->given_pass ) );
 			md5_finish( &md5_state, pass_md5 );
-			for( i = 0; i < 16 && pass[i*2] && pass[i*2+1]; i ++ )
+			for( i = 0; i < 16; i ++ )
 			{
-				sscanf( pass + i * 2, "%2x", &j );
+				if( !isxdigit( pass[i*2] ) || !isxdigit( pass[i*2+1] ) ||
+				     sscanf( pass + i * 2, "%2x", &j ) != 1 )
+				{
+					g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
+					             "Incorrect password MD5-hash" );
+					break;
+				}
 				if( j != pass_md5[i] )
+				{
+					g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
+					             XML_PASS_ERRORMSG );
 					break;
+				}
 			}
-			/* If we reached the end of the loop, it was a match! */
-			pass_match = i == 16;
-			if( strcmp( nick, xd->given_nick ) == 0 && pass_match )
+			/* If we reached the end of the loop, it was a match! */
+			if( i == 16 )
 			{
 				if( xd->pass_st != XML_PASS_CHECK_ONLY )
 					xd->pass_st = XML_PASS_OK;
 			}
-			else
-			{
-				g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
-				             XML_PASS_ERRORMSG );
-			}
 		}
 	}
 	else if( xd->pass_st < XML_PASS_OK )
|
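Review bot: The success test `if( i == 16 )` drops the `strcmp( nick, xd->given_nick ) == 0` condition the old code required, and nothing in this hunk replaces it, so a matching hash alone now sets `XML_PASS_OK`; if the nick is not verified elsewhere in xml_start_element (the function begins and ends outside the hunk), the comparison should stay, e.g. `if( i == 16 && strcmp( nick, xd->given_nick ) == 0 )` with an error set otherwise. In the new validation, `isxdigit( pass[i*2] )` is given a plain `char`, which is undefined behaviour for negative values read from the file; cast both arguments, `isxdigit( (unsigned char) pass[i*2] )`. `%2x` also stores through an `unsigned int *`, so `j` would be better declared `unsigned int j;`. The loop accepts a stored hash longer than 32 hex digits, since nothing checks that `pass[32]` is the terminator.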
