
Fixed bug #1172: Encrypt the whole password given to nickserv and chanserv REGISTER

This prevents us from truncating people's passwords without telling them,
which makes it so you can't identify with the same password you registered
with if your password is really long.
Adam
2010-07-03 15:17:58 -04:00
parent e5bd79ba19
commit ca7769d8b4
4 changed files with 7 additions and 12 deletions
+1 -1
@@ -15,7 +15,7 @@ Anope Version 1.8 - SVN
05/23 F Fixed SQUITing juped servers on InspIRCd 1.2 [#1165]
06/15 F Fixed ./Config to correctly load config.cache [ #00]
06/24 F Fixed pseudo-client kills not being detected on some TS6 IRCDs. [ #00]
07/01 F Fixed encrypting very long passwords when registering [#1172]
Anope Version 1.8.4
-------------------
+1 -5
@@ -75,7 +75,6 @@ int do_register(User * u)
ChannelInfo *ci;
struct u_chaninfolist *uc;
int is_servadmin = is_services_admin(u);
char founderpass[PASSMAX];
char tmp_pass[PASSMAX];
if (readonly) {
@@ -129,8 +128,7 @@ int do_register(User * u)
alog("%s: makechan() failed for REGISTER %s", s_ChanServ, chan);
notice_lang(s_ChanServ, u, CHAN_REGISTRATION_FAILED);
} else if (strscpy(founderpass, pass, PASSMAX),
enc_encrypt_in_place(founderpass, PASSMAX) < 0) {
} else if (enc_encrypt(pass, strlen(pass), ci->founderpass, PASSMAX - 1) < 0) {
alog("%s: Couldn't encrypt password for %s (REGISTER)",
s_ChanServ, chan);
notice_lang(s_ChanServ, u, CHAN_REGISTRATION_FAILED);
@@ -145,8 +143,6 @@ int do_register(User * u)
ci->last_used = ci->time_registered;
ci->founder = nc;
memset(pass, 0, strlen(pass));
memcpy(ci->founderpass, founderpass, PASSMAX);
ci->desc = sstrdup(desc);
if (c->topic) {
ci->last_topic = sstrdup(c->topic);
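Review bot: The new `enc_encrypt(pass, strlen(pass), ci->founderpass, PASSMAX - 1)` call has no comment explaining why the destination size is `PASSMAX - 1` or what happens to a password whose encrypted form does not fit, and the same expression is repeated in the NickServ section of this commit. I would add above the branch `/* Encrypt straight into ci->founderpass; PASSMAX - 1 presumably reserves the final byte, and a result that does not fit must fail rather than be truncated */`, after confirming that against enc_encrypt, which is not shown on this page. If enc_encrypt does fail on over-long input, the user only sees CHAN_REGISTRATION_FAILED, which does not say that the password was the reason. do_register starts and ends outside the visible hunks, so the rest of the failure branch cannot be checked from here.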
+3 -5
@@ -197,11 +197,9 @@ int do_register(User * u)
} passcode[idx] = '\0';
nr = makerequest(u->nick);
nr->passcode = sstrdup(passcode);
strscpy(nr->password, pass, PASSMAX);
memset(pass, 0, strlen(pass));
/* We are paranoid about keeping a plain text pass in memory, yet we would write
* it to a database.. - Viper */
enc_encrypt_in_place(nr->password, PASSMAX);
if (enc_encrypt(pass, strlen(pass), nr->password, PASSMAX - 1) < 0) {
alog("Failed to encrypt password for %s", nr->nick);
}
if (email) {
nr->email = sstrdup(email);
}
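Review bot: When `enc_encrypt` fails in the added `if`, the code only calls `alog` and then falls through to the `if (email)` block, so the request appears to be kept with whatever `nr->password` held before the call; the ChanServ section of this commit at least reports CHAN_REGISTRATION_FAILED to the user in the same situation. The failure branch should discard the request and notify the user instead of continuing; the helpers needed for that are outside this hunk. Also, judging by the +3 -5 count, the `memset(pass, 0, strlen(pass));` wipe is among the removed lines, so it should be re-added directly after the `enc_encrypt` call so the plaintext is still cleared once it has been encrypted. do_register starts and ends outside the hunk.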
+2 -1
@@ -8,9 +8,10 @@ VERSION_MAJOR="1"
VERSION_MINOR="8"
VERSION_PATCH="4"
VERSION_EXTRA="-git"
VERSION_BUILD="3009"
VERSION_BUILD="3010"
# $Log$ # Changes since the 1.8.4 Release
#Revision 3010 - Encrypt very long passwords properly on /ns and /cs register
#Revision 3009 - Fixed charybdis and ratbox protocol modules not (properly) translating TS6 UIDs into nicks on kills.
#Revision 3007 - Removed all references to the SVN keyword $Id$
#Revision 3006 - Set all of the core modules versions to VERSION_STRING - SVN is now officially not used anymore