caleb-brown/redict
1
0
Fork 0
mirror of https://codeberg.org/redict/redict.git synced 2025-01-22 16:18:28 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Converge hash validation for adding and removing

Browse Source
This commit is contained in:
Madelyn Olson 2020-05-14 11:07:51 -07:00
parent 41cabca2ab
commit f0f30fc43f
1 changed files with 21 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
src/acl.c
View File

@ -166,6 +166,25 @@ sds ACLHashPassword(unsigned char *cleartext, size_t len) {
return sdsnewlen(hex,HASH_PASSWORD_LEN); return sdsnewlen(hex,HASH_PASSWORD_LEN);
} }
/* Given a hash and the hash length, returns C_OK if it is a valid password
* hash, or C_ERR otherwise. */
int ACLCheckPasswordHash(unsigned char *hash, int hashlen) {
if (hashlen != HASH_PASSWORD_LEN) {
return C_ERR;
}
/* Password hashes can only be characters that represent
* hexadecimal values, which are numbers and lowercase
* characters 'a' through 'f'. */
for(int i = 0; i < HASH_PASSWORD_LEN; i++) {
char c = hash[i];
if ((c < 'a' || c > 'f') && (c < '0' || c > '9')) {
return C_ERR;
}
}
return C_OK;
}
/* ============================================================================= /* =============================================================================
* Low level ACL API * Low level ACL API
* ==========================================================================*/ * ==========================================================================*/
@ -753,22 +772,10 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) {
if (op[0] == '>') { if (op[0] == '>') {
newpass = ACLHashPassword((unsigned char*)op+1,oplen-1); newpass = ACLHashPassword((unsigned char*)op+1,oplen-1);
} else { } else {
if (oplen != HASH_PASSWORD_LEN + 1) { if (ACLCheckPasswordHash((unsigned char*)op+1,oplen-1) == C_ERR) {
errno = EBADMSG; errno = EBADMSG;
return C_ERR; return C_ERR;
} }
/* Password hashes can only be characters that represent
* hexadecimal values, which are numbers and lowercase
* characters 'a' through 'f'.
*/
for(int i = 1; i < HASH_PASSWORD_LEN + 1; i++) {
char c = op[i];
if ((c < 'a' || c > 'f') && (c < '0' || c > '9')) {
errno = EBADMSG;
return C_ERR;
}
}
newpass = sdsnewlen(op+1,oplen-1); newpass = sdsnewlen(op+1,oplen-1);
} }
@ -784,7 +791,7 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) {
if (op[0] == '<') { if (op[0] == '<') {
delpass = ACLHashPassword((unsigned char*)op+1,oplen-1); delpass = ACLHashPassword((unsigned char*)op+1,oplen-1);
} else { } else {
if (oplen != HASH_PASSWORD_LEN + 1) { if (ACLCheckPasswordHash((unsigned char*)op+1,oplen-1) == C_ERR) {
errno = EBADMSG; errno = EBADMSG;
return C_ERR; return C_ERR;
} }