author | dequis <dx@dxzone.com.ar> | 2015-05-07 20:04:47 -0300 |
---|---|---|
committer | dequis <dx@dxzone.com.ar> | 2015-05-07 20:12:06 -0300 |
commit | 5535a47f4c2b9def68356d1ced9a149a7197f32c (patch) | |
tree | 9c05160494a67119c0f3c27ad42a4606694fa4c0 /unix.c | |
parent | 81a15dab997b9dc3f94d46ebee331cf61fc2e43d (diff) |
More coverity fixes!
CID 18634: 'Logically dead code' in jabber_get_info
CID 18638: 'Dereference after null check' in oauth2_access_token_done
CID 18691: 'Copy into fixed size buffer' in bee_irc_user_new
CID 20274: Leak in bee_irc_chat_invite
CID 20297, CID 20283: Leaks in crypt_main
Some of the base64 leaks there weren't detected, needs modeling.
Diffstat (limited to 'unix.c')
-rw-r--r-- | unix.c | 20 |
1 files changed, 16 insertions, 4 deletions
@@ -211,15 +211,25 @@ static int crypt_main(int argc, char *argv[]) " %s -x chkhash <hashed password> <cleartext password>\n", argv[0], argv[0], argv[0], argv[0], argv[0]); } else if (strcmp(argv[2], "enc") == 0) { - pass_len = arc_encode(argv[4], strlen(argv[4]), (unsigned char **) &pass_cr, argv[3], 12); - printf("%s\n", base64_encode(pass_cr, pass_len)); + char *encoded; + + pass_len = arc_encode(argv[4], strlen(argv[4]), &pass_cr, argv[3], 12); + + encoded = base64_encode(pass_cr, pass_len); + printf("%s\n", encoded); + g_free(encoded); + g_free(pass_cr); } else if (strcmp(argv[2], "dec") == 0) { - pass_len = base64_decode(argv[4], (unsigned char **) &pass_cr); + pass_len = base64_decode(argv[4], &pass_cr); arc_decode(pass_cr, pass_len, (char **) &pass_cl, argv[3]); printf("%s\n", pass_cl); + + g_free(pass_cr); + g_free(pass_cl); } else if (strcmp(argv[2], "hash") == 0) { md5_byte_t pass_md5[21]; md5_state_t md5_state; + char *encoded; random_bytes(pass_md5 + 16, 5); md5_init(&md5_state); @@ -227,7 +237,9 @@ static int crypt_main(int argc, char *argv[]) md5_append(&md5_state, pass_md5 + 16, 5); /* Add the salt. */ md5_finish(&md5_state, pass_md5); - printf("%s\n", base64_encode(pass_md5, 21)); + encoded = base64_encode(pass_md5, 21); + printf("%s\n", encoded); + g_free(encoded); } else if (strcmp(argv[2], "unhash") == 0) { printf("Hash %s submitted to a massive Beowulf cluster of\n" "overclocked 486s. Expect your answer next year somewhere around this time. :-)\n", argv[3]); |
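Review bot: In the `dec` branch the results of `base64_decode()` and `arc_decode()` are still used unchecked. `pass_len` is passed straight into `arc_decode()`, and `pass_cl` goes straight into `printf("%s\n", pass_cl)` and the newly added `g_free(pass_cl)`, all driven by user-supplied `argv[4]`. Neither function's failure convention is visible in this hunk, so this is hedged: if either can return a negative length or leave its output pointer unset on malformed input, the branch prints and then frees an invalid pointer. Initialising `pass_cr` and `pass_cl` to `NULL` at their declarations (outside the hunk) and guarding the call, e.g. `if (pass_len < 0 || arc_decode(pass_cr, pass_len, (char **) &pass_cl, argv[3]) < 0) { /* report error, free, return */ }`, would make the added cleanup safe on the error path. The `enc` branch has the same shape with `arc_encode()`; `crypt_main` starts and ends outside the hunk.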