1
0
mirror of https://github.com/anope/anope.git synced 2026-07-08 16:43:13 +02:00

Fixed bug #1172: Encrypt the whole password given to nickserv and chanserv REGISTER

This prevents us from truncating peoples passwords without telling them,
which makes it so you can't identify with the same password you registered
with if your password is really long.
This commit is contained in:
Adam
2010-07-03 15:17:58 -04:00
parent e5bd79ba19
commit ca7769d8b4
4 changed files with 7 additions and 12 deletions
+1 -5
View File
@@ -75,7 +75,6 @@ int do_register(User * u)
ChannelInfo *ci;
struct u_chaninfolist *uc;
int is_servadmin = is_services_admin(u);
char founderpass[PASSMAX];
char tmp_pass[PASSMAX];
if (readonly) {
@@ -129,8 +128,7 @@ int do_register(User * u)
alog("%s: makechan() failed for REGISTER %s", s_ChanServ, chan);
notice_lang(s_ChanServ, u, CHAN_REGISTRATION_FAILED);
} else if (strscpy(founderpass, pass, PASSMAX),
enc_encrypt_in_place(founderpass, PASSMAX) < 0) {
} else if (enc_encrypt(pass, strlen(pass), ci->founderpass, PASSMAX - 1) < 0) {
alog("%s: Couldn't encrypt password for %s (REGISTER)",
s_ChanServ, chan);
notice_lang(s_ChanServ, u, CHAN_REGISTRATION_FAILED);
@@ -145,8 +143,6 @@ int do_register(User * u)
ci->last_used = ci->time_registered;
ci->founder = nc;
memset(pass, 0, strlen(pass));
memcpy(ci->founderpass, founderpass, PASSMAX);
ci->desc = sstrdup(desc);
if (c->topic) {
ci->last_topic = sstrdup(c->topic);
+3 -5
View File
@@ -197,11 +197,9 @@ int do_register(User * u)
} passcode[idx] = '\0';
nr = makerequest(u->nick);
nr->passcode = sstrdup(passcode);
strscpy(nr->password, pass, PASSMAX);
memset(pass, 0, strlen(pass));
/* We are paranoid about keeping a plain text pass in memory, yet we would write
* it to a database.. - Viper */
enc_encrypt_in_place(nr->password, PASSMAX);
if (enc_encrypt(pass, strlen(pass), nr->password, PASSMAX - 1) < 0) {
alog("Failed to encrypt password for %s", nr->nick);
}
if (email) {
nr->email = sstrdup(email);
}