
lutil_passwd() function



Hi!

Have a look at this file: libraries/liblutil/passwd.c:

> lutil_SHA1Final(SHA1digest, &SHA1context);
>
> /* compare */
> rc = strncmp((char *)orig_pass, (char *)SHA1digest, sizeof(SHA1digest));

...

> lutil_MD5Final(MD5digest, &MD5context);
>
> /* compare */
> rc = strncmp((char *)orig_pass, (char *)MD5digest, sizeof(MD5digest));


I think strncmp() is a *very* bad idea if you want to compare
binary patterns. memcmp() would be a better choice.

Regards,
Christian Forster
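
The difference between the two comparisons, as an added example that is not part of the original message and is not code from passwd.c: `strncmp()` stops at the first NUL byte, so two digests that agree up to an embedded 0x00 are reported equal even when the remaining bytes differ. The helper names and the sample byte values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 20  /* SHA-1 digest size in bytes */

/* Comparison as in the quoted code: treats the digests as C strings,
 * so it stops as soon as both buffers contain a NUL at the same index. */
static int digests_equal_strncmp(const unsigned char *a, const unsigned char *b)
{
    return strncmp((const char *)a, (const char *)b, DIGEST_LEN) == 0;
}

/* Comparison suggested in the message: always examines all DIGEST_LEN bytes. */
static int digests_equal_memcmp(const unsigned char *a, const unsigned char *b)
{
    return memcmp(a, b, DIGEST_LEN) == 0;
}

/* Constructed sample data (not real digests): both buffers are identical up
 * to and including a NUL byte at index nul_at, and differ in every byte after. */
static void make_pair(unsigned char *stored, unsigned char *computed, size_t nul_at)
{
    size_t i;
    for (i = 0; i < DIGEST_LEN; i++) {
        stored[i] = (unsigned char)(0x11 + i);
        computed[i] = (i > nul_at) ? (unsigned char)(0xA0 + i) : stored[i];
    }
    stored[nul_at] = 0x00;
    computed[nul_at] = 0x00;
}

int main(void)
{
    unsigned char stored[DIGEST_LEN], computed[DIGEST_LEN];

    make_pair(stored, computed, 2);  /* NUL in the third byte */
    printf("strncmp reports equal: %d\n", digests_equal_strncmp(stored, computed));
    printf("memcmp  reports equal: %d\n", digests_equal_memcmp(stored, computed));
    return 0;
}
```

With the NUL at index 2, only the first three of the twenty bytes take part in the `strncmp()` result.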