From 4d72e6d765137b7475ac87262f7e1086fe5599b5 Mon Sep 17 00:00:00 2001 From: Con Kolivas Date: Thu, 17 Mar 2011 07:03:40 +1100 Subject: [PATCH] Apply fixes so that ciphertext matches. Patch courtesy of Serge Belyshev. --- lrzip.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/lrzip.c b/lrzip.c index 61b1104..b92c8b0 100644 --- a/lrzip.c +++ b/lrzip.c @@ -444,6 +444,22 @@ void close_tmpinbuf(rzip_control *control) free(control->tmp_inbuf); } +static void get_pass(char *s) +{ + int len; + + memset(s, 0, PASS_LEN - SALT_LEN); + fgets(s, PASS_LEN - SALT_LEN, stdin); + len = strlen(s); + if (len > 0 && ('\r' == s[len - 1] || '\n' == s[len - 1])) + s[len - 1] = '\0'; + if (len > 1 && ('\r' == s[len - 2] || '\n' == s[len - 2])) + s[len - 2] = '\0'; + len = strlen(s); + if (unlikely(0 == len)) + failure("Empty passphrase\n"); +} + static void get_hash(rzip_control *control, int make_hash) { char *passphrase, *testphrase; @@ -468,13 +484,11 @@ static void get_hash(rzip_control *control, int make_hash) tcsetattr(fileno(stdin), 0, &termios_p); retry_pass: print_output("Enter passphrase: "); - if (unlikely(fgets(passphrase, PASS_LEN - SALT_LEN, stdin) == NULL)) - failure("Empty passphrase\n"); + get_pass(passphrase); print_output("\n"); if (make_hash) { print_output("Re-enter passphrase: "); - if (unlikely(fgets(testphrase, PASS_LEN - SALT_LEN, stdin) == NULL)) - failure("Empty passphrase\n"); + get_pass(testphrase); print_output("\n"); if (strcmp(passphrase, testphrase)) { print_output("Passwords do not match. Try again.\n"); @@ -488,9 +502,7 @@ retry_pass: free(testphrase); memcpy(passphrase + PASS_LEN - SALT_LEN, control->salt, SALT_LEN); - sha4(passphrase, PASS_LEN, control->hash, 0); - /* Copy the first hashed passphrase and use it to xor every cycle */ - memcpy(passphrase, control->hash, HASH_LEN); + sha4(passphrase, PASS_LEN, passphrase, 0); print_maxverbose("Hashing passphrase %lld times\n", control->encloops); for (i = 0; i < control->encloops; i++) {