Fixed async call not validating salt (use threadsafe strsep instead o…

…f strtok).
kelektiv · Jul 8, 2011 · de6197d · de6197d
1 parent 07113f0
commit de6197d
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/src/bcrypt_node.cc b/src/bcrypt_node.cc
@@ -91,32 +91,33 @@ bool ValidateSalt(char *str) {
     bool valid = true;
 
     char *new_str = strdup(str);
-    char *result = strtok(new_str, "$");
+    char *next_tok = new_str;
+    char *result = strsep(&next_tok, "$");
 
     while (result != NULL) {
-        if (count == 0) {
+        if (count == 1) {
             //check version
             if (!isdigit(result[0])) {
                 return false;
             }
             if (strlen(result) == 2 && !isalpha(result[1])) {
                 return false;
             }
-        } else if (count == 1) {
+        } else if (count == 2) {
             //check rounds
             if (!(isdigit(result[0]) && isdigit(result[1]))) {
                 return false;
             }
         }
 
         count++;
-        result = strtok(NULL, "$");
+        result = strsep(&next_tok, "$");
     }
 
     free(new_str);
     free(result);
 
-    return (count == 3);
+    return (count == 4);
 }
 
 /* SALT GENERATION */