ref: 4d5e1e798e2051b8e42e9f4841262dddf673e21e
parent: e51fc2d4b90d29fedc7794c90d37d1ce862dcc74
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Fri Jan 6 16:15:35 EST 2023
libauthsrv: better passtodeskey() Using sizeof() and memmove() avoids some silly warning that n = strlen(p) depends on the length of the string (duh!) but gcc was not recognizing the range check.
--- a/libauthsrv/passtokey.c
+++ b/libauthsrv/passtokey.c
@@ -6,17 +6,17 @@
void
passtodeskey(char key[DESKEYLEN], char *p)
{- uchar buf[ANAMELEN], *t;
+ uchar buf[PASSWDLEN], *t;
int i, n;
- n = strlen(p);
- if(n >= ANAMELEN)
- n = ANAMELEN-1;
memset(buf, ' ', 8);
- t = buf;
- strncpy((char*)t, p, n);
- t[n] = 0;
+ n = strlen(p);
+ if(n >= sizeof(buf))
+ n = sizeof(buf)-1;
+ memmove(buf, p, n);
+ buf[n] = 0;
memset(key, 0, DESKEYLEN);
+ t = buf;
for(;;){for(i = 0; i < DESKEYLEN; i++)
key[i] = (t[i] >> i) + (t[i+1] << (8 - (i+1)));