
Enhance makepass() and make_rand_str()

Found by: michaelortmann
Patch by: michaelortmann


    misc.c: Rewrote make_rand_str() to be more random and faster. Entropy was worse because of randint(3) toggle between lower case letters and digits.
    dccutil.c: Rewrote makepass() to be more random and faster. It returned passwords of len 10 to 15. Now it will always return passwords of len 15. There is no documentation about the maximum password length returned, but this function is exported, so i want to leave it 15 for eggdrop 1.8.
    dcc.c: ps[20] -> pass[16] because now we know the max length returned from makepass(). While at it, equally renamed the array to pass.
    share.c: p[32] -> pass[16] because now we know the max length returned from makepass(). While at it, equally renamed the array to pass. The code was really fooling the reader to think a share password of len 31 would be calculated.
michaelortmann authored and vanosg committed Jun 26, 2019
1 parent 875f304 commit 103128c93f31bb09bb0a8149cc1dac51f5625858
Showing with 20 additions and 27 deletions.
  1. +6 −6 src/dcc.c
  2. +3 −6 src/dccutil.c
  3. +1 −0 src/eggdrop.h
  4. +6 −9 src/misc.c
  5. +4 −6 src/mod/share.mod/share.c
@@ -660,6 +660,8 @@ static int dcc_bot_check_digest(int idx, char *remote_digest)

static void dcc_chat_pass(int idx, char *buf, int atr)
{
char pass[PASSWORDLEN];

if (!atr)
return;
if (dcc[idx].status & STAT_TELNET)
@@ -688,19 +690,17 @@ static void dcc_chat_pass(int idx, char *buf, int atr)
#endif
/* No password set? */
if (u_pass_match(dcc[idx].user, "-")) {
char ps[20];

makepass(ps);
set_user(&USERENTRY_PASS, dcc[idx].user, ps);
makepass(pass);
set_user(&USERENTRY_PASS, dcc[idx].user, pass);
changeover_dcc(idx, &DCC_BOT_NEW, sizeof(struct bot_info));

dcc[idx].status = STAT_CALLED;
dprintf(idx, "*hello!\n");
greet_new_bot(idx);
#ifdef NO_OLD_BOTNET
dprintf(idx, "h %s\n", ps);
dprintf(idx, "h %s\n", pass);
#else
dprintf(idx, "handshake %s\n", ps);
dprintf(idx, "handshake %s\n", pass);
#endif
return;
}
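Review bot: `pass` is now declared at the top of dcc_chat_pass(), but the only use visible in these hunks is inside the `if (u_pass_match(dcc[idx].user, "-"))` branch, so the freshly generated link password sits in a function-wide stack buffer and is not cleared before `return`. Keeping the declaration inside that branch, as the old `ps[20]` was, and wiping it after the last `dprintf()`, for example with `explicit_bzero(pass, sizeof pass);` where the platform provides it, would limit how long the secret stays in memory. The same hoisting happens in share_change() in src/mod/share.mod/share.c, where the block-scoped `char pass[30]` became a function-scope `pass[PASSWORDLEN]`. The body of dcc_chat_pass() continues outside both hunks, so there may be other uses of `pass` that are not visible here.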
@@ -504,14 +504,11 @@ void *_get_data_ptr(int size, char *file, int line)
return p;
}

/* Make a password, 10-15 random letters and digits
/* Make a password with (PASSWORDLEN - 1) random lower case letters and digits
*/
void makepass(char *s)
void makepass(char *pass)
{
int i;

i = 10 + randint(6);
make_rand_str(s, i);
make_rand_str(pass, PASSWORDLEN - 1);
}

void flush_lines(int idx, struct chat_info *ci)
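Review bot: The new comment on makepass() gives the password length but not the buffer contract, and the function is exported with no size parameter. Callers in this commit now size their buffers to exactly PASSWORDLEN, so the slack that `ps[20]`, `p[32]` and `pass[30]` used to provide is gone. A caller elsewhere that passes fewer than PASSWORDLEN bytes (for instance a module, since the symbol is exported) would be written past its end. I would state the requirement in the comment, e.g. `/* Make a password with (PASSWORDLEN - 1) random lower case letters and digits; pass must point to at least PASSWORDLEN bytes, NUL included */`, and add a matching comment on the `#define PASSWORDLEN 16` line in src/eggdrop.h saying the value includes the terminator.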
@@ -77,6 +77,7 @@
#define DIRLEN DIRMAX + 1
#define LOGLINELEN LOGLINEMAX + 1
#define NOTENAMELEN ((HANDLEN * 2) + 1)
#define PASSWORDLEN 16


/* We have to generate compiler errors in a weird way since not all compilers
@@ -1434,18 +1434,15 @@ void show_banner(int idx)
fclose(vv);
}

/* Create a string with random letters and digits
/* Create a string with random lower case letters and digits
*/
void make_rand_str(char *s, int len)
void make_rand_str(char *s, const int len)
{
int j;
int i;
static const char chars[] = "0123456789abcdefghijklmnopqrstuvwxyz";

for (j = 0; j < len; j++) {
if (!randint(3))
s[j] = '0' + randint(10);
else
s[j] = 'a' + randint(26);
}
for (i = 0; i < len; i++)
s[i] = chars[randint((sizeof chars) - 1)];
s[len] = 0;
}
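Review bot: The unpredictability of these strings now rests entirely on randint(), whose definition is outside this hunk. If it is backed by random()/rand() with a guessable seed, the 15-character bot passwords that makepass() builds from it can be reproduced by anyone who recovers the seed, however uniform the character choice is. Since the output is used as a credential, I would draw the index from the OS CSPRNG where available, e.g. `s[i] = chars[arc4random_uniform(sizeof chars - 1)];`, or fill from getrandom() and reject out-of-range bytes. Separately, the comment should say that `s` must hold `len + 1` bytes and that `len` must not be negative, because `s[len] = 0;` is written unconditionally.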

@@ -586,7 +586,7 @@ static void share_pls_host(int idx, char *par)

static void share_pls_bothost(int idx, char *par)
{
char *hand, p[32];
char *hand, pass[PASSWORDLEN];
struct userrec *u;

if ((dcc[idx].status & STAT_SHARE) && !private_user) {
@@ -601,8 +601,8 @@ static void share_pls_bothost(int idx, char *par)
return; /* ignore */
set_user(&USERENTRY_HOSTS, u, par);
} else {
makepass(p);
userlist = adduser(userlist, hand, par, p, USER_BOT);
makepass(pass);
userlist = adduser(userlist, hand, par, pass, USER_BOT);
}
if (!(dcc[idx].status & STAT_GETTING))
putlog(LOG_CMDS, "*", "%s: +host %s %s", dcc[idx].nick, hand, par);
@@ -630,7 +630,7 @@ static void share_mns_host(int idx, char *par)

static void share_change(int idx, char *par)
{
char *key, *hand;
char *key, *hand, pass[PASSWORDLEN];
struct userrec *u;
struct user_entry_type *uet;
struct user_entry *e;
@@ -648,8 +648,6 @@ static void share_change(int idx, char *par)
shareout_but(NULL, idx, "c %s %s %s\n", key, hand, par);
noshare = 1;
if (!u && (uet == &USERENTRY_BOTADDR)) {
char pass[30];

makepass(pass);
userlist = adduser(userlist, hand, "none", pass, USER_BOT);
u = get_user_by_handle(userlist, hand);
