otpauthexternal

otpauthexternal Commit Details


Date:2013-08-24 23:06:00 (11 years 3 months ago)
Author:Natalie Adams
Branch:default
Commit:11c279922597
Parents: a141f344305b
Message:Fixing some potential memory leaks and adding an escape to the username input

to prevent SQL injection
Changes:
Motp.c (5 diffs)

File differences

otp.c
218218
219219
220220
221
221222
222223
223224
......
259260
260261
261262
262
263
263
264
265
264266
265
267
266268
269
270
267271
268272
269273
270274
271
275
276
277
278
279
280
272281
273
274
275
282
283
284
285
286
287
288
289
290
291
276292
277293
278294
......
388404
389405
390406
407
391408
392409
393410
......
399416
400417
401418
419
420
421
422
423
402424
403425
404426
405427
406428
407429
408
430
409431
410
432
433
434
435
411436
412437
413438
414439
415440
416441
442
443
417444
418445
419446
......
437464
438465
439466
467
468
440469
441470
471
472
442473
443474
444475
User * getMySQLUser(char * user, DB * db)
{
char q[512];
char q2[512];
int strp = 0;
MYSQL_RES *result;
MYSQL_ROW row;
strp += strlen(db->dbtable);
strncpy(q + strp, " WHERE login = '", 16);
strp += 16;
strncpy(q + strp, user, strlen(user));
strp += strlen(user);
mysql_real_escape_string(con, q2, user, strlen(user));
strncpy(q + strp, q2, strlen(q2));
strp += strlen(q2);
strncpy(q + strp, "' LIMIT 1", 9);
if (mysql_query(con, q))
if (mysql_query(con, q) > 0)
{
mysql_close(con);
free(u);
return NULL;
}
result = mysql_store_result(con);
if (result == 0)
{
mysql_close(con);
free(u);
return NULL;
}
row = mysql_fetch_row(result);
u->user = user;
u->password = row[0];
if (row != NULL)
{
u->user = user;
u->password = row[0];
} else {
mysql_free_result(result);
mysql_close(con);
free(u);
return NULL;
}
if (strcmp(row[1], "") != 0)
u->otp = row[1];
int ik = 0;
int i;
int nibs[2];
int retcode = 1;
char buf10[256];
char buf16[256];
time_t now = time(NULL);
//db = readConfig(getenv("OTPCONFIG"));
db = readConfig("/etc/apache2/configotp");
user = getMySQLUser(user_name, db);
if (user == NULL)
{
free(db);
exit(1);
}
// if user does not have a OTP set - just verify password
if (user->otp == NULL)
{
hash("SHA1", user_passwd, strlen(user_passwd), outHash);
ret = b64encode(outHash, 20);
if (strcmp(ret, user->password) == 0)
exit(0);
retcode = 0;
else
exit(1);
retcode = 1;
free(db);
free(user);
exit(retcode);
} else {
// password should be in the form {OTP}{PASSWORD}
// ie 123456password
if (strlen(user_passwd) < 7) // 6 OTP digits and 1 char for password
{
printf("password not long enough!");
free(db);
free(user);
exit(1);
}
for(keylen = 0; keylen < sizeof(newkey) && user->otp[ik] != '\0'; keylen++)
ret2 = b64encode(outHash, 20);
if (strcmp(ret2, user->password) == 0 && strcmp(buf10, inotp) == 0)
{
free(user);
free(db);
exit(0);
} else {
free(user);
free(db);
exit(1);
}
}
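Review bot: The escaped username is written into `q2[512]` and then appended to `q[512]` with no length check, so a long login name still overruns both stack buffers in getMySQLUser; the escaping closes the SQL injection but not this. mysql_real_escape_string needs a destination of at least `2 * strlen(user) + 1` bytes, and `q` must also hold the statement prefix, the table name and the trailing `' LIMIT 1`. Reject over-long names before escaping, e.g. `if (strlen(user) > (sizeof q2 - 1) / 2) { free(u); return NULL; }`, and build the statement with a bounded `snprintf(q, sizeof q, ...)` whose return value is checked. Separately, `mysql_query(con, q) > 0` is narrower than the documented "nonzero on error" contract, so `!= 0` is the safer comparison. The start of the function (where `u`, `con` and the head of `q` are set up) is outside the visible hunks, so the cleanup needed on that early return should be confirmed there.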
