d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

In usr.bin/csup/auth.c, use the correct number of bytes for zeroing the

Browse Source 
shared secret, and use long long format to snprintf a time_t.

MFC after:	1 week
This commit is contained in:
Dimitry Andric 2011-12-17 13:14:44 +00:00
parent 586f63035f
commit 582ad8aebf
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=228625
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
usr.bin/csup/auth.c
View File

@ -254,7 +254,7 @@ auth_makesecret(struct srvrecord *auth, char *secret)
MD5_Update(&md5, ":", 1);
MD5_Update(&md5, auth->password, strlen(auth->password));
MD5_Final(md5sum, &md5);
memset(secret, 0, sizeof(secret));
memset(secret, 0, MD5_CHARS_MAX);
strcpy(secret, md5salt);
auth_readablesum(md5sum, secret + strlen(md5salt));
}
@ -302,8 +302,9 @@ auth_makechallenge(struct config *config, char *challenge)
}
gettimeofday(&tv, NULL);
MD5_Init(&md5);
snprintf(buf, sizeof(buf), "%s:%ld:%ld:%ld:%d:%d",
inet_ntoa(laddr.sin_addr), tv.tv_sec, tv.tv_usec, random(), pid, ppid);
snprintf(buf, sizeof(buf), "%s:%lld:%ld:%ld:%d:%d",
inet_ntoa(laddr.sin_addr), (long long)tv.tv_sec, tv.tv_usec,
random(), pid, ppid);
MD5_Update(&md5, buf, strlen(buf));
MD5_Final(md5sum, &md5);
auth_readablesum(md5sum, challenge);