From d7f7cb53de87b77c98502a3e37fee01285290d66 Mon Sep 17 00:00:00 2001
From: Mattias Andrée
Date: Tue, 13 Apr 2021 02:07:44 +0200
Subject: Add pepper to input hash ("password"), not to salt
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Mattias Andrée
---
 libsecauth_server_hash.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/libsecauth_server_hash.c b/libsecauth_server_hash.c
index 80f9318..1d4b2fa 100644
--- a/libsecauth_server_hash.c
+++ b/libsecauth_server_hash.c
@@ -11,7 +11,7 @@ libsecauth_server_hash(const struct libsecauth_spec *spec, const char *inhash, c
 {
 struct crypt_data hashbuf[2];
 const char *hash = inhash, *result;
- char *posthash = NULL, *p;
+ char *pepperedhash = NULL;
 uint32_t rounds;
 size_t i = 0;
@@ -26,17 +26,15 @@ libsecauth_server_hash(const struct libsecauth_spec *spec, const char *inhash, c
 }
 if (pepper) {
- posthash = malloc(strlen(spec->posthash) + strlen(pepper) + 2);
- if (!posthash)
+ pepperedhash = malloc(strlen(pepper) + strlen(hash) + 1);
+ if (!pepperedhash)
 return -1;
- p = stpcpy(posthash, spec->posthash);
- if (*posthash && p[-1] == '$')
- p -= 1;
- stpcpy(p, pepper);
+ stpcpy(stpcpy(pepperedhash, pepper), hash);
+ hash = pepperedhash;
 }
- hash = crypt_r(hash, posthash ? posthash : spec->posthash, &hashbuf[i]);
- free(posthash);
+ hash = crypt_r(hash, spec->posthash, &hashbuf[i]);
+ free(pepperedhash);
 if (!hash)
 return -1;
--
cgit v1.2.3-70-g09d2
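Review bot: In the second hunk, `free(pepperedhash);` releases a buffer that holds the server-side pepper concatenated with the input hash without clearing it first, so both values remain readable in freed heap memory. Wiping it before the free, e.g. `if (pepperedhash) explicit_bzero(pepperedhash, strlen(pepperedhash));` where that function is available, keeps the secret from lingering; a plain `memset` there may be optimised away. Separately, the pepper is now prepended to the key passed to `crypt_r`, and some crypt(3) schemes only read a bounded key prefix (bcrypt reads 72 bytes), so if `spec->posthash` can select such a scheme a long pepper may push part of `hash` out of the hashed input. A length check, or a comment above the `malloc` stating which schemes are supported, would make that limit explicit. The function body starts and continues outside this hunk, so whether `hashbuf` is cleared later cannot be seen from here.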