author | Adam <Adam@anope.org> | 2010-07-03 15:17:58 -0400 |
---|---|---|
committer | Adam <Adam@anope.org> | 2010-07-03 15:17:58 -0400 |
commit | ca7769d8b4ecc070320a727dbe307872523a0766 (patch) | |
tree | ebc22c0297baba1d3a6daa09262f4a1608575b94 /src | |
parent | e5bd79ba196c41c7561ed552649cb67a8691e045 (diff) |
Fixed bug #1172: Encrypt the whole password given to nickserv and chanserv REGISTER
This prevents us from truncating people's passwords without telling them,
which makes it so you can't identify with the same password you registered
with if your password is really long.
Diffstat (limited to 'src')
-rw-r--r-- | src/core/cs_register.c | 6 | ||||
-rw-r--r-- | src/core/ns_register.c | 8 |
2 files changed, 4 insertions, 10 deletions
diff --git a/src/core/cs_register.c b/src/core/cs_register.c
index 77915aa65..c867fa00e 100644
--- a/src/core/cs_register.c
+++ b/src/core/cs_register.c
@@ -75,7 +75,6 @@ int do_register(User * u)
 ChannelInfo *ci; struct u_chaninfolist *uc; int is_servadmin = is_services_admin(u);
- char founderpass[PASSMAX];
 char tmp_pass[PASSMAX]; if (readonly) {
@@ -129,8 +128,7 @@ int do_register(User * u)
 alog("%s: makechan() failed for REGISTER %s", s_ChanServ, chan); notice_lang(s_ChanServ, u, CHAN_REGISTRATION_FAILED);
- } else if (strscpy(founderpass, pass, PASSMAX),
- enc_encrypt_in_place(founderpass, PASSMAX) < 0) {
+ } else if (enc_encrypt(pass, strlen(pass), ci->founderpass, PASSMAX - 1) < 0) {
 alog("%s: Couldn't encrypt password for %s (REGISTER)", s_ChanServ, chan); notice_lang(s_ChanServ, u, CHAN_REGISTRATION_FAILED);
@@ -145,8 +143,6 @@ int do_register(User * u)
 ci->last_used = ci->time_registered; ci->founder = nc;
- memset(pass, 0, strlen(pass));
- memcpy(ci->founderpass, founderpass, PASSMAX);
 ci->desc = sstrdup(desc); if (c->topic) { ci->last_topic = sstrdup(c->topic);
diff --git a/src/core/ns_register.c b/src/core/ns_register.c
index 171315b60..9db168f9c 100644
--- a/src/core/ns_register.c
+++ b/src/core/ns_register.c
@@ -197,11 +197,9 @@ int do_register(User * u)
 } passcode[idx] = '\0'; nr = makerequest(u->nick); nr->passcode = sstrdup(passcode);
- strscpy(nr->password, pass, PASSMAX);
- memset(pass, 0, strlen(pass));
- /* We are paranoid about keeping a plain text pass in memory, yet we would write
- * it to a database.. - Viper */
- enc_encrypt_in_place(nr->password, PASSMAX);
+ if (enc_encrypt(pass, strlen(pass), nr->password, PASSMAX - 1) < 0) {
+ alog("Failed to encrypt password for %s", nr->nick);
+ }
 if (email) { nr->email = sstrdup(email); } |
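Review bot: The plaintext in `pass` is no longer cleared once `enc_encrypt()` has consumed it in the `else if` of the second cs_register.c hunk. The old `memset(pass, 0, strlen(pass));` is deleted in the third cs_register.c hunk and again in the ns_register.c hunk, and nothing visible replaces it. The new call does not appear to need the plaintext afterwards, so the wipe can be kept as the first statement after a successful encrypt: `memset(pass, 0, strlen(pass));`. do_register continues outside these hunks, so confirm that `pass` is not read again later, and is not already wiped elsewhere, before restoring the line.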
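Review bot: When `enc_encrypt()` fails in the ns_register.c hunk, the new branch only logs and then falls through to the `if (email)` block, so the request created by `makerequest()` carries on with whatever `nr->password` happens to hold. The ChanServ hunk treats the same failure as fatal and answers with `notice_lang(s_ChanServ, u, CHAN_REGISTRATION_FAILED);`. This path should likewise notify the user, discard `nr` and return rather than continue. The log line would also be easier to trace with the service prefix and the "(REGISTER)" tag used in the ChanServ message. The rest of do_register lies outside the hunk, so the exact cleanup call has to come from the surrounding code.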