Reject registrations and password changes if password encryption fails.

5 files changed, 31 insertions, 11 deletions

diff --git a/include/anope.h b/include/anope.h
index c4a2079aa..9145b7337 100644
--- a/include/anope.h
+++ b/include/anope.h
@@ -470,7 +470,7 @@ namespace Anope
 	 * @param src The source string to encrypt
 	 * @param dest The destination where the encrypted string is placed
 	 */
-	extern CoreExport void Encrypt(const Anope::string &src, Anope::string &dest);
+	extern CoreExport bool Encrypt(const Anope::string &src, Anope::string &dest);
 
 	/** Hashes a buffer with SipHash-2-4
 	 * @param src The start of the buffer to hash
diff --git a/language/anope.en_US.po b/language/anope.en_US.po
index 8b8dad7aa..97aea2c23 100644
--- a/language/anope.en_US.po
+++ b/language/anope.en_US.po
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Anope\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-03-09 21:00+0000\n"
-"PO-Revision-Date: 2024-03-09 21:00+0000\n"
+"POT-Creation-Date: 2024-03-11 19:36+0000\n"
+"PO-Revision-Date: 2024-03-11 19:36+0000\n"
 "Last-Translator: Sadie Powell <sadie@witchery.services>\n"
 "Language-Team: English\n"
 "Language: en_US\n"
@@ -1803,6 +1803,9 @@ msgstr "Account"
 msgid "Account %s has already reached the maximum number of simultaneous logins (%u)."
 msgstr "Account %s has already reached the maximum number of simultaneous logins (%u)."
 
+msgid "Accounts can not be registered right now. Please try again later."
+msgstr "Accounts can not be registered right now. Please try again later."
+
 msgid "Activate the requested vHost for the given nick."
 msgstr "Activate the requested vHost for the given nick."
 
@@ -5292,6 +5295,9 @@ msgstr "Password incorrect."
 msgid "Password reset email for %s has been sent."
 msgstr "Password reset email for %s has been sent."
 
+msgid "Passwords can not be changed right now. Please try again later."
+msgstr "Passwords can not be changed right now. Please try again later."
+
 #, c-format
 msgid "Passwords encrypted with %s: %zu"
 msgstr "Passwords encrypted with %s: %zu"
diff --git a/modules/nickserv/ns_register.cpp b/modules/nickserv/ns_register.cpp
index 599e50e45..0f5fc5533 100644
--- a/modules/nickserv/ns_register.cpp
+++ b/modules/nickserv/ns_register.cpp
@@ -211,10 +211,17 @@ public:
 			source.Reply(MAIL_X_INVALID, email.c_str());
 		else
 		{
+			Anope::string encpass;
+			if (!Anope::Encrypt(pass, encpass))
+			{
+				source.Reply(_("Accounts can not be registered right now. Please try again later."));
+				return;
+			}
+
 			auto *nc = new NickCore(u_nick);
 			auto *na = new NickAlias(u_nick, nc);
-			Anope::Encrypt(pass, nc->pass);
 			nc->email = email;
+			nc->pass = encpass;
 
 			if (u)
 			{
diff --git a/modules/nickserv/ns_set.cpp b/modules/nickserv/ns_set.cpp
index d38c62051..ed3708d16 100644
--- a/modules/nickserv/ns_set.cpp
+++ b/modules/nickserv/ns_set.cpp
@@ -148,9 +148,13 @@ public:
 			return;
 		}
 
-		Log(LOG_COMMAND, source, this) << "to change their password";
+		if (!Anope::Encrypt(param, source.nc->pass))
+		{
+			source.Reply(_("Passwords can not be changed right now. Please try again later."));
+			return;
+		}
 
-		Anope::Encrypt(param, source.nc->pass);
+		Log(LOG_COMMAND, source, this) << "to change their password";
 		source.Reply(_("Password for \002%s\002 changed."), source.nc->display.c_str());
 	}
 
@@ -218,10 +222,13 @@ public:
 			return;
 		}
 
-		Log(LOG_ADMIN, source, this) << "to change the password of " << nc->display;
+		if (!Anope::Encrypt(params[1], nc->pass))
+		{
+			source.Reply(_("Passwords can not be changed right now. Please try again later."));
+			return;
+		}
 
-		Anope::Encrypt(params[1], nc->pass);
-		Anope::string tmp_pass;
+		Log(LOG_ADMIN, source, this) << "to change the password of " << nc->display;
 		source.Reply(_("Password for \002%s\002 changed."), nc->display.c_str());
 	}
 
diff --git a/src/misc.cpp b/src/misc.cpp
index a64de450e..d2c05da12 100644
--- a/src/misc.cpp
+++ b/src/misc.cpp
@@ -494,11 +494,11 @@ bool Anope::Match(const Anope::string &str, const Anope::string &mask, bool case
 	return m == mask_len;
 }
 
-void Anope::Encrypt(const Anope::string &src, Anope::string &dest)
+bool Anope::Encrypt(const Anope::string &src, Anope::string &dest)
 {
 	EventReturn MOD_RESULT;
 	FOREACH_RESULT(OnEncrypt, MOD_RESULT, (src, dest));
-	static_cast<void>(MOD_RESULT);
+	return MOD_RESULT == EVENT_ALLOW &&!dest.empty();
 }
 
 Anope::string Anope::printf(const char *fmt, ...)