authorSadie Powell <sadie@witchery.services>2024-03-10 20:06:53 +0000
committerSadie Powell <sadie@witchery.services>2024-03-10 20:46:03 +0000
commite2df7d4d01f8fdb41c49ce8efc462cab005e7d5c (patch)
treedd9d66c45dd69ee01a700dfa62438999beaaada7 /modules/encryption/enc_old.cpp
parent9a984a814810306f2ca2690a0c8c25bcb1e87258 (diff)
Ensure that verify-only encryption modules can never encrypt passwords.
If another module was loaded first and then later unloaded it was possible for a deprecated module to encrypt passwords.
Diffstat (limited to 'modules/encryption/enc_old.cpp')
-rw-r--r--modules/encryption/enc_old.cpp50
1 files changed, 23 insertions, 27 deletions
diff --git a/modules/encryption/enc_old.cpp b/modules/encryption/enc_old.cpp
index a3b4c98c5..4b6dc438a 100644
--- a/modules/encryption/enc_old.cpp
+++ b/modules/encryption/enc_old.cpp
@@ -18,6 +18,26 @@ class EOld final
private:
ServiceReference<Encryption::Provider> md5;
+ Anope::string EncryptInternal(const Anope::string &src)
+ {
+ if (!md5)
+ return {};
+
+ char digest[32];
+ memset(digest, 0, sizeof(digest));
+
+ auto hash = md5->Encrypt(src);
+ if (hash.length() != sizeof(digest))
+ return {}; // Probably a bug?
+ memcpy(digest, hash.data(), hash.length());
+
+ char digest2[16];
+ for (size_t i = 0; i < sizeof(digest); i += 2)
+ digest2[i / 2] = XTOI(digest[i]) << 4 | XTOI(digest[i + 1]);
+
+ return Anope::Hex(digest2, sizeof(digest2));
+ }
+
inline static char XTOI(char c)
{
return c > 9 ? c - 'A' + 10 : c - '0';
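Review bot: `EncryptInternal` returns the bare hex digest (`return Anope::Hex(digest2, sizeof(digest2));`), whereas the removed `OnEncrypt` built `"oldmd5:" + Anope::Hex(...)`, and the caller in the last hunk still compares the result against the whole of `nc->pass`. The stored value appears to carry the `oldmd5:` method prefix (the `hash_method.equals_cs("oldmd5")` check just above the call suggests so, though the parsing is outside the visible hunks); if so, `nc->pass.equals_cs(enc)` can never match, and every oldmd5 account would fail to authenticate and never reach the re-encryption branch. Either keep the prefix in the helper, `return "oldmd5:" + Anope::Hex(digest2, sizeof(digest2));`, or compare against the part of `nc->pass` after the colon. A login test against a known oldmd5 hash would confirm which side needs the change.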
@@ -36,32 +56,9 @@ public:
throw ModuleException("Unable to find md5 reference");
}
- EventReturn OnEncrypt(const Anope::string &src, Anope::string &dest) override
- {
- if (!md5)
- return EVENT_CONTINUE;
-
- char digest[32];
- memset(digest, 0, sizeof(digest));
-
- auto hash = md5->Encrypt(src);
- if (hash.length() != sizeof(digest))
- return EVENT_CONTINUE; // Probably a bug?
- memcpy(digest, hash.data(), hash.length());
-
- char digest2[16];
- for (size_t i = 0; i < sizeof(digest); i += 2)
- digest2[i / 2] = XTOI(digest[i]) << 4 | XTOI(digest[i + 1]);
-
- auto enc = "oldmd5:" + Anope::Hex(digest2, sizeof(digest2));
- Log(LOG_DEBUG_2) << "(enc_old) hashed password from [" << src << "] to [" << enc << "]";
- dest = enc;
- return EVENT_ALLOW;
- }
-
void OnCheckAuthentication(User *, IdentifyRequest *req) override
{
- const NickAlias *na = NickAlias::Find(req->GetAccount());
+ const auto *na = NickAlias::Find(req->GetAccount());
if (!na)
return;
@@ -74,9 +71,8 @@ public:
if (!hash_method.equals_cs("oldmd5"))
return;
- Anope::string buf;
- this->OnEncrypt(req->GetPassword(), buf);
- if (nc->pass.equals_cs(buf))
+ auto enc = EncryptInternal(req->GetPassword());
+ if (!enc.empty() && nc->pass.equals_cs(enc))
{
// If we are NOT the first encryption module we want to re-encrypt
// the password with the primary encryption method.