diff options
author | George Hazan <george.hazan@gmail.com> | 2014-01-29 15:52:06 +0000 |
---|---|---|
committer | George Hazan <george.hazan@gmail.com> | 2014-01-29 15:52:06 +0000 |
commit | 78cbd552ec1d3ec2b0f837d95def4dc4c3b09775 (patch) | |
tree | 2e2393125d24cb953f01ba37c5e4805ed318b790 /protocols/JabberG/src/jabber_secur.cpp | |
parent | ffa0f139995d02c4a636481500beae326b125089 (diff) |
now final, yes
git-svn-id: http://svn.miranda-ng.org/main/trunk@7949 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c
Diffstat (limited to 'protocols/JabberG/src/jabber_secur.cpp')
-rw-r--r-- | protocols/JabberG/src/jabber_secur.cpp | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/protocols/JabberG/src/jabber_secur.cpp b/protocols/JabberG/src/jabber_secur.cpp index 5758565b1f..cc3c76bee7 100644 --- a/protocols/JabberG/src/jabber_secur.cpp +++ b/protocols/JabberG/src/jabber_secur.cpp @@ -231,15 +231,17 @@ TScramAuth::~TScramAuth() void TScramAuth::Hi(BYTE* res, char* passw, size_t passwLen, char* salt, size_t saltLen, int ind)
{
- BYTE *u = (BYTE*)_alloca(saltLen + sizeof(unsigned));
- memcpy(u, salt, saltLen); *(unsigned*)(u + saltLen) = htonl(1); saltLen += 4;
+ size_t bufLen = saltLen + sizeof(UINT32);
+ BYTE *u = (BYTE*)_alloca(max(bufLen, MIR_SHA1_HASH_SIZE));
+ memcpy(u, salt, saltLen); *(UINT32*)(u + saltLen) = htonl(1);
+
memset(res, 0, MIR_SHA1_HASH_SIZE);
for (int i = 0; i < ind; i++) {
- mir_hmac_sha1(u, (BYTE*)passw, passwLen, u, saltLen);
- saltLen = sizeof(u);
+ mir_hmac_sha1(u, (BYTE*)passw, passwLen, u, bufLen);
+ bufLen = MIR_SHA1_HASH_SIZE;
- for (unsigned j = 0; j < sizeof(u); j++)
+ for (unsigned j = 0; j < MIR_SHA1_HASH_SIZE; j++)
res[j] ^= u[j];
}
}
@@ -252,7 +254,7 @@ char* TScramAuth::getChallenge(const TCHAR *challenge) ptrA chl((char*)mir_base64_decode(_T2A(challenge), &chlLen));
- for (char *p = strtok(chl, ","); p != NULL; p = strtok(NULL, ",")) {
+ for (char *p = strtok(NEWSTR_ALLOCA(chl), ","); p != NULL; p = strtok(NULL, ",")) {
if (*p == 'r' && p[1] == '=') { // snonce
if (strncmp(cnonce, p + 2, strlen(cnonce)))
return NULL;
|