Converge hash validation for adding and removing

2025-01-22 16:18:28 -05:00 · 2020-05-14 11:07:51 -07:00 · 2020-05-14 11:07:51 -07:00 · f0f30fc43f
commit f0f30fc43f
parent 41cabca2ab
1 changed files with 21 additions and 14 deletions
--- a/src/acl.c
+++ b/src/acl.c
@ -166,6 +166,25 @@ sds ACLHashPassword(unsigned char *cleartext, size_t len) {
    return sdsnewlen(hex,HASH_PASSWORD_LEN);
 }

+/* Given a hash and the hash length, returns C_OK if it is a valid password 
+ * hash, or C_ERR otherwise. */
+int ACLCheckPasswordHash(unsigned char *hash, int hashlen) {
+    if (hashlen != HASH_PASSWORD_LEN) {
+        return C_ERR;      
+    }
+ 
+    /* Password hashes can only be characters that represent
+     * hexadecimal values, which are numbers and lowercase 
+     * characters 'a' through 'f'. */
+    for(int i = 0; i < HASH_PASSWORD_LEN; i++) {
+        char c = hash[i];
+        if ((c < 'a' || c > 'f') && (c < '0' || c > '9')) {
+            return C_ERR;
+        }
+    }
+    return C_OK;
+}
+
 /* =============================================================================
 * Low level ACL API
 * ==========================================================================*/
@ -753,22 +772,10 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) {
        if (op[0] == '>') {
            newpass = ACLHashPassword((unsigned char*)op+1,oplen-1);
        } else {
-            if (oplen != HASH_PASSWORD_LEN + 1) {
+            if (ACLCheckPasswordHash((unsigned char*)op+1,oplen-1) == C_ERR) {
                errno = EBADMSG;
                return C_ERR;
            }
-
-            /* Password hashes can only be characters that represent
-             * hexadecimal values, which are numbers and lowercase
-             * characters 'a' through 'f'.
-             */
-            for(int i = 1; i < HASH_PASSWORD_LEN + 1; i++) {
-                char c = op[i];
-                if ((c < 'a' || c > 'f') && (c < '0' || c > '9')) {
-                    errno = EBADMSG;
-                    return C_ERR;
-                }
-            }
            newpass = sdsnewlen(op+1,oplen-1);
        }

@ -784,7 +791,7 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) {
        if (op[0] == '<') {
            delpass = ACLHashPassword((unsigned char*)op+1,oplen-1);
        } else {
-            if (oplen != HASH_PASSWORD_LEN + 1) {
+            if (ACLCheckPasswordHash((unsigned char*)op+1,oplen-1) == C_ERR) {
                errno = EBADMSG;
                return C_ERR;
            }