From a52a6a8d52feccd7b2231317d667e734fd040adb Mon Sep 17 00:00:00 2001 From: Chip Black Date: Sat, 8 Jan 2011 23:52:56 -0600 Subject: [PATCH] Limit password length to 64 characters --- common/auth.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/common/auth.c b/common/auth.c index 7e63f96..26569fd 100644 --- a/common/auth.c +++ b/common/auth.c @@ -12,17 +12,22 @@ #include "util.h" #define TOKEN_SIZE 16 +#define MAX_PASSWORD_LENGTH 64 int auth_set_password(const char *username, const char *password) { char filename[512]; - int fd; + int fd, n; if (!valid_name(username) || !blerg_exists(username)) return 0; + n = strlen(password); + if (n > MAX_PASSWORD_LENGTH) + return 0; + snprintf(filename, 512, "%s/%s/password", DATA_PATH, username); fd = open(filename, O_WRONLY | O_CREAT, 0600); - write(fd, password, strlen(password)); + write(fd, password, n); close(fd); return 1; @@ -40,7 +45,7 @@ int auth_get_password(const char *username, char *password) { fd = open(filename, O_RDONLY); if (fd == -1) return 0; - len = read(fd, password, 32); + len = read(fd, password, MAX_PASSWORD_LENGTH); close(fd); password[len] = 0; @@ -54,7 +59,7 @@ int auth_check_password(const char *username, const char *password) { if (auth_get_password(username, epw) == 0) return 0; - if (strncmp(password, epw, 32) == 0) + if (strncmp(password, epw, MAX_PASSWORD_LENGTH) == 0) return 1; else return 0; -- 2.34.1