diff options
author | Mattias Andrée <maandree@kth.se> | 2023-06-23 16:24:26 +0200 |
---|---|---|
committer | Mattias Andrée <maandree@kth.se> | 2023-06-23 16:24:26 +0200 |
commit | 2a717740fa534a3a5bd0040ef9606e15bbe7115c (patch) | |
tree | e78cd57b48a31c9178d12cac53d0f40a957becf3 | |
parent | Implement authentication (diff) | |
download | key2root-2a717740fa534a3a5bd0040ef9606e15bbe7115c.tar.gz key2root-2a717740fa534a3a5bd0040ef9606e15bbe7115c.tar.bz2 key2root-2a717740fa534a3a5bd0040ef9606e15bbe7115c.tar.xz |
Fix mistakes
Signed-off-by: Mattias Andrée <maandree@kth.se>
-rw-r--r-- | key2root-addkey.c | 16 | ||||
-rw-r--r-- | key2root-lskeys.c | 2 | ||||
-rw-r--r-- | key2root-rmkey.c | 4 | ||||
-rw-r--r-- | key2root.c | 26 |
4 files changed, 29 insertions, 19 deletions
diff --git a/key2root-addkey.c b/key2root-addkey.c index 78435f3..989aa8f 100644 --- a/key2root-addkey.c +++ b/key2root-addkey.c @@ -48,7 +48,7 @@ checkkey(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *line int failed = 0; size_t len; - while (*rhead2p < whead || data[*rhead2p] != '\n') + while (*rhead2p < whead && data[*rhead2p] != '\n') ++*rhead2p; if (data[*rhead2p] != '\n') @@ -66,7 +66,7 @@ checkkey(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *line failed = 1; } - if (failed || klen >= len || data[*rheadp + klen] != ' ' || memcpy(&data[*rheadp], keyname, klen)) { + if (failed || klen >= len || data[*rheadp + klen] != ' ' || memcmp(&data[*rheadp], keyname, klen)) { *rheadp = ++*rhead2p; return 0; } else { @@ -196,10 +196,8 @@ main(int argc, char *argv[]) if (failed) return 1; - if (mlockall(MCL_CURRENT | MCL_FUTURE)) { + if (mlockall(MCL_CURRENT | MCL_FUTURE)) fprintf(stderr, "%s: mlockall MCL_CURRENT|MCL_FUTURE: %s\n", argv0, strerror(errno)); - exit(1); - } if (!parameters) { stpcpy(mksalt(stpcpy(generated_parameters, HASH_PREFIX)), "$"); @@ -238,8 +236,8 @@ main(int argc, char *argv[]) fprintf(stderr, "%s: crypt <key> %s: %s\n", argv0, parameters, strerror(errno)); explicit_bzero(key, key_len); free(key); - key_size = key_len = strlen(keyname) + strlen(hash) + 3; - key = malloc(key_len); + key_size = key_len = strlen(keyname) + strlen(hash) + 2; + key = malloc(key_len + 1); if (!key) { fprintf(stderr, "%s: malloc: %s\n", argv0, strerror(errno)); exit(1); @@ -284,7 +282,7 @@ main(int argc, char *argv[]) gap_size = end - beginning; if (gap_size > key_len) { memmove(&data[beginning + key_len], &data[end], data_len - end); - data_len -= key_len - gap_size; + data_len -= gap_size - key_len; } else if (gap_size < key_len) { gap_increase = key_len - gap_size; if (data_len + gap_increase > data_size) { @@ -295,7 +293,7 @@ main(int argc, char *argv[]) exit(1); } } - memmove(&data[end], &data[end + gap_increase], data_len - end); + memmove(&data[end + gap_increase], &data[end], data_len - end); data_len += gap_increase; } memcpy(&data[beginning], key, key_len); diff --git a/key2root-lskeys.c b/key2root-lskeys.c index a25b32d..85d6661 100644 --- a/key2root-lskeys.c +++ b/key2root-lskeys.c @@ -27,7 +27,7 @@ outputkey(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *lin int failed = 0; size_t len; - while (*rhead2p < whead || data[*rhead2p] != '\n') + while (*rhead2p < whead && data[*rhead2p] != '\n') ++*rhead2p; if (data[*rhead2p] != '\n') diff --git a/key2root-rmkey.c b/key2root-rmkey.c index 1b4a366..f44cf06 100644 --- a/key2root-rmkey.c +++ b/key2root-rmkey.c @@ -45,7 +45,7 @@ removekeys(char *data, size_t *wheadp, size_t *rheadp, size_t *rhead2p, size_t * size_t len, klen; size_t i; - while (*rhead2p < *wheadp || data[*rhead2p] != '\n') + while (*rhead2p < *wheadp && data[*rhead2p] != '\n') ++*rhead2p; if (data[*rhead2p] != '\n') @@ -68,7 +68,7 @@ removekeys(char *data, size_t *wheadp, size_t *rheadp, size_t *rhead2p, size_t * } else { for (i = 0; i < *nkeysp; i++) { klen = strlen(keys[i]); - if (klen >= len || data[*rheadp + klen] != ' ' || memcpy(&data[*rheadp], keys[i], klen)) + if (klen >= len || data[*rheadp + klen] != ' ' || memcmp(&data[*rheadp], keys[i], klen)) continue; /* retain key order so that they are output in the provided order if not found */ memmove(&keys[i], &keys[i + 1], (--*nkeysp - i) * sizeof(*keys)); @@ -224,6 +224,20 @@ set_environ(void) static int +hashequal(const char *a, const char *b) +{ + size_t an = strlen(a) + 1; + size_t bn = strlen(b) + 1; + size_t n = an < bn ? an : bn; + size_t i; + int diff = 0; + for (i = 0; i < n; i++) + diff |= a[i] ^ b[i]; + return !diff; +} + + +static int checkauth(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *linenop, const char *path, const char *keyname, size_t keyname_len, const char *key, size_t key_len, int *key_foundp) { @@ -231,7 +245,7 @@ checkauth(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *lin char *hash, *sp; size_t len; - while (*rhead2p < whead || data[*rhead2p] != '\n') + while (*rhead2p < whead && data[*rhead2p] != '\n') ++*rhead2p; if (data[*rhead2p] != '\n') @@ -254,7 +268,7 @@ checkauth(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *lin keyname_len = (size_t)(sp - &data[*rheadp]); goto check; } else if (failed || keyname_len >= len || data[*rheadp + keyname_len] != ' ' || - memcpy(&data[*rheadp], keyname, keyname_len)) { + memcmp(&data[*rheadp], keyname, keyname_len)) { *rheadp = ++*rhead2p; return 0; } else { @@ -263,7 +277,7 @@ checkauth(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *lin *key_foundp = 1; data[(*rhead2p)++] = '\0'; hash = crypt(key, &data[*rheadp]); - match = hash && strlen(hash) == key_len && !memcmp(hash, key, key_len); + match = hash && hashequal(hash, &data[*rheadp]); *rheadp = *rhead2p; return match; } @@ -364,10 +378,8 @@ main(int argc, char *argv[]) if (!argc) usage(); - if (mlockall(MCL_CURRENT | MCL_FUTURE)) { + if (mlockall(MCL_CURRENT | MCL_FUTURE)) fprintf(stderr, "%s: mlockall MCL_CURRENT|MCL_FUTURE: %s\n", argv0, strerror(errno)); - exit(EXIT_ERROR); - } sprintf(path_user_id, "%s/%ju", KEYPATH, (uintmax_t)getuid()); errno = 0; @@ -419,7 +431,7 @@ main(int argc, char *argv[]) !authenticate(path_user_name, key_name, key, key_len, &key_found)) { fprintf(stderr, "%s: authentication failed: %s\n", argv0, key_name ? (key_found ? "key mismatch" : "key not found") - : (key_found ? "no match key found" : "no key found")); + : (key_found ? "no matching key found" : "no key found")); explicit_bzero(key, key_len); exit(EXIT_AUTH); } |