From ca7769d8b4ecc070320a727dbe307872523a0766 Mon Sep 17 00:00:00 2001
From: Adam
Date: Sat, 3 Jul 2010 15:17:58 -0400
Subject: [PATCH] Fixed bug #1172: Encrypt the whole password given to nickserv and chanserv REGISTER
This prevents us from truncating peoples passwords without telling them, which makes it so you can't identify with the same password you registered with if your password is really long.
---
 Changes | 2 +-
 src/core/cs_register.c | 6 +-----
 src/core/ns_register.c | 8 +++-----
 version.log | 3 ++-
 4 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/Changes b/Changes
index c037fc869..41fb781b4 100644
--- a/Changes
+++ b/Changes
@@ -15,7 +15,7 @@ Anope Version 1.8 - SVN
 05/23 F Fixed SQUITing juped servers on InspIRCd 1.2 [#1165]
 06/15 F Fixed ./Config to correctly load config.cache [ #00]
 06/24 F Fixed pseudo-client kills not being detected on some TS6 IRCDs. [ #00]
-
+07/01 F Fixed encrypting very long passwords when registering [#1172]
 Anope Version 1.8.4
 -------------------
diff --git a/src/core/cs_register.c b/src/core/cs_register.c
index 77915aa65..c867fa00e 100644
--- a/src/core/cs_register.c
+++ b/src/core/cs_register.c
@@ -75,7 +75,6 @@ int do_register(User * u)
 ChannelInfo *ci;
 struct u_chaninfolist *uc;
 int is_servadmin = is_services_admin(u);
- char founderpass[PASSMAX];
 char tmp_pass[PASSMAX];
 if (readonly) {
@@ -129,8 +128,7 @@ int do_register(User * u)
 alog("%s: makechan() failed for REGISTER %s", s_ChanServ, chan);
 notice_lang(s_ChanServ, u, CHAN_REGISTRATION_FAILED);
- } else if (strscpy(founderpass, pass, PASSMAX),
- enc_encrypt_in_place(founderpass, PASSMAX) < 0) {
+ } else if (enc_encrypt(pass, strlen(pass), ci->founderpass, PASSMAX - 1) < 0) {
 alog("%s: Couldn't encrypt password for %s (REGISTER)", s_ChanServ, chan);
 notice_lang(s_ChanServ, u, CHAN_REGISTRATION_FAILED);
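Review bot: The plaintext `pass` is no longer wiped after `enc_encrypt(pass, strlen(pass), ci->founderpass, PASSMAX - 1)` has consumed it, because the next hunk of cs_register.c deletes `memset(pass, 0, strlen(pass));` along with the now-redundant `memcpy`, and the ns_register.c hunk drops the same line. Only the `memcpy` became unnecessary; keeping `memset(pass, 0, strlen(pass));` after the encrypt call in both files preserves the earlier protection against the cleartext password lingering in process memory, for example in a core dump. The if/else chain of do_register starts and ends outside this hunk, so confirm that nothing later still reads `pass` before placing the wipe.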
@@ -145,8 +143,6 @@ int do_register(User * u)
 ci->last_used = ci->time_registered;
 ci->founder = nc;
- memset(pass, 0, strlen(pass));
- memcpy(ci->founderpass, founderpass, PASSMAX);
 ci->desc = sstrdup(desc);
 if (c->topic) {
 ci->last_topic = sstrdup(c->topic);
diff --git a/src/core/ns_register.c b/src/core/ns_register.c
index 171315b60..9db168f9c 100644
--- a/src/core/ns_register.c
+++ b/src/core/ns_register.c
@@ -197,11 +197,9 @@ int do_register(User * u)
 } passcode[idx] = '\0';
 nr = makerequest(u->nick);
 nr->passcode = sstrdup(passcode);
- strscpy(nr->password, pass, PASSMAX);
- memset(pass, 0, strlen(pass));
- /* We are paranoid about keeping a plain text pass in memory, yet we would write
- * it to a database.. - Viper */
- enc_encrypt_in_place(nr->password, PASSMAX);
+ if (enc_encrypt(pass, strlen(pass), nr->password, PASSMAX - 1) < 0) {
+ alog("Failed to encrypt password for %s", nr->nick);
+ }
 if (email) {
 nr->email = sstrdup(email);
 }
diff --git a/version.log b/version.log
index 8ab8ded46..d9afa93e3 100644
--- a/version.log
+++ b/version.log
@@ -8,9 +8,10 @@ VERSION_MAJOR="1"
 VERSION_MINOR="8"
 VERSION_PATCH="4"
 VERSION_EXTRA="-git"
-VERSION_BUILD="3009"
+VERSION_BUILD="3010"
 # $Log$
 # Changes since the 1.8.4 Release
+#Revision 3010 - Encrypt very long passwords properly on /ns and /cs register
 #Revision 3009 - Fixed charybdis and ratbox protocol modules not (properly) translating TS6 UIDs into nicks on kills.
 #Revision 3007 - Removed all references to the SVN keyword $Id$
 #Revision 3006 - Set all of the core modules versions to VERSION_STRING - SVN is now officially not used anymore
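Review bot: A failed `enc_encrypt` in the ns_register.c hunk is only logged, and control then falls through to the `if (email)` lines, so the nick request appears to be kept with whatever `nr->password` held before the call. If that request is later confirmed, the account could end up with an empty or undefined stored password, so the failure branch should abort the registration instead of continuing. cs_register.c already treats the same failure as fatal and reports `CHAN_REGISTRATION_FAILED` to the user; the branch here should likewise discard `nr`, notify the user and return. The cleanup and return statements of do_register lie outside this hunk, so the exact calls have to be taken from the surrounding code.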