[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
lutil_passwd() function
Hi!
Have a look at this file: libraries/liblutil/passwd.c:
> lutil_SHA1Final(SHA1digest, &SHA1context);
>
> /* compare */
> rc = strncmp((char *)orig_pass, (char *)SHA1digest, sizeof(SHA1digest));
...
> lutil_MD5Final(MD5digest, &MD5context);
>
> /* compare */
> rc = strncmp((char *)orig_pass, (char *)MD5digest, sizeof(MD5digest));
I think strncmp() is a *very* bad idea if you want to compare
binary patterns. memcmp() would be a better choice.
Regards,
Christian Forster