pegasus/anope
1
0
Fork 0
mirror of https://github.com/anope/anope.git synced 2026-06-28 22:16:37 +02:00
Code Activity

Ensure that verify-only encryption modules can never encrypt passwords.

Browse Source 
If another module was loaded first and then later unloaded it was
possible for a deprecated module to encrypt passwords.
This commit is contained in:
Sadie Powell
2024-03-10 20:06:53 +00:00
parent 9a984a8148
commit e2df7d4d01
6 changed files with 68 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/encryption/enc_md5.cpp
+2 -11
View File
@@ -61,18 +61,10 @@ public:
});
}
EventReturn OnEncrypt(const Anope::string &src, Anope::string &dest) override
{
auto enc = "md5:" + Anope::Hex(md5provider.Encrypt(src));
Log(LOG_DEBUG_2) << "(enc_md5) hashed password from [" << src << "] to [" << enc << "]";
dest = enc;
return EVENT_ALLOW;
}
void OnCheckAuthentication(User *, IdentifyRequest *req) override
{
const auto *na = NickAlias::Find(req->GetAccount());
if (na == NULL)
if (!na)
return;
NickCore *nc = na->nc;
@@ -84,8 +76,7 @@ public:
if (!hash_method.equals_cs("md5"))
return;
Anope::string enc;
this->OnEncrypt(req->GetPassword(), enc);
auto enc = "md5:" + Anope::Hex(md5provider.Encrypt(req->GetPassword()));
if (nc->pass.equals_cs(enc))
{
// If we are NOT the first encryption module we want to re-encrypt