From 5fb77c3337679d5661a3e14747481355fbc82bfd Mon Sep 17 00:00:00 2001
From: Markus Uhlin <markus@nifty-networks.net>
Date: Mon, 25 Dec 2023 07:07:05 +0100
Subject: Fix the salt

---
 FICS/adminproc.c      | 19 +++++--------------
 FICS/command.c        | 11 ++++-------
 FICS/comproc.c        | 18 +++++-------------
 FICS/fics_addplayer.c | 12 ++++--------
 4 files changed, 18 insertions(+), 42 deletions(-)

(limited to 'FICS')

diff --git a/FICS/adminproc.c b/FICS/adminproc.c
index d7c5bdc..6f10d94 100644
--- a/FICS/adminproc.c
+++ b/FICS/adminproc.c
@@ -26,6 +26,7 @@
 #include "adminproc.h"
 #include "command.h"
 #include "comproc.h"
+#include "fics_getsalt.h"
 #include "gamedb.h"
 #include "gameproc.h"
 #include "multicol.h"
@@ -935,7 +936,7 @@ com_addplayer(int p, param_list param)
 	char	*newplayer = param[0].val.word;
 	char	 newplayerlower[MAX_LOGIN_NAME];
 	char	 password[PASSLEN + 1];
-	char	 salt[6];
+	char	 salt[FICS_SALT_SIZE];
 	char	 text[2048];
 	int	 i;
 	int	 p1;
@@ -980,12 +981,7 @@ com_addplayer(int p, param_list param)
 			password[i] = ('a' + rand() % 26);
 		password[i] = '\0';
 
-		salt[0] = '$';
-		salt[1] = '1';
-		salt[2] = '$';
-		salt[3] = ('a' + rand() % 26);
-		salt[4] = ('a' + rand() % 26);
-		salt[5] = '\0';
+		strcpy(salt, fics_getsalt());
 
 		parray[p1].passwd = xstrdup(crypt(password, salt));
 	} else {
@@ -1185,7 +1181,7 @@ PUBLIC int com_cmuzzle(int p, param_list param)
 PUBLIC int
 com_asetpasswd(int p, param_list param)
 {
-	char	 salt[6];
+	char	 salt[FICS_SALT_SIZE];
 	char	 subject[400];
 	char	 text[10100];
 	int	 p1, connected;
@@ -1219,12 +1215,7 @@ com_asetpasswd(int p, param_list param)
 		sprintf(text, "Password of %s is now useless.  Your account at "
 		    "our FICS has been locked.\n", parray[p1].name);
 	} else {
-		salt[0] = '$';
-		salt[1] = '1';
-		salt[2] = '$';
-		salt[3] = ('a' + rand() % 26);
-		salt[4] = ('a' + rand() % 26);
-		salt[5] = '\0';
+		strcpy(salt, fics_getsalt());
 
 		parray[p1].passwd = xstrdup(crypt(param[1].val.word, salt));
 
diff --git a/FICS/command.c b/FICS/command.c
index a64c4ff..93de68d 100644
--- a/FICS/command.c
+++ b/FICS/command.c
@@ -33,6 +33,7 @@
 #include "command.h"
 #include "command_list.h"
 #include "config.h"
+#include "fics_getsalt.h"
 #include "ficsmain.h"
 #include "gamedb.h"
 #include "gameproc.h"
@@ -661,7 +662,7 @@ check_news(int p, int admin)
 PRIVATE int
 process_password(int p, char *password)
 {
-	char		 salt[6];
+	char		 salt[FICS_SALT_SIZE];
 	int		 dummy;    // to hold a return value
 	int		 fd;
 	int		 messnum;
@@ -671,12 +672,8 @@ process_password(int p, char *password)
 	turn_echo_on(parray[p].socket);
 
 	if (parray[p].passwd && parray[p].registered) {
-		salt[0] = '$';
-		salt[1] = '1';
-		salt[2] = '$';
-		salt[3] = parray[p].passwd[0];
-		salt[4] = parray[p].passwd[1];
-		salt[5] = '\0';
+		strncpy(salt, &(parray[p].passwd[0]), sizeof salt - 1);
+		salt[sizeof salt - 1] = '\0';
 
 		if (strcmp(crypt(password, salt), parray[p].passwd)) {
 			fd		= parray[p].socket;
diff --git a/FICS/comproc.c b/FICS/comproc.c
index 3533c15..32f8662 100644
--- a/FICS/comproc.c
+++ b/FICS/comproc.c
@@ -39,6 +39,7 @@
 #include "comproc.h"
 #include "config.h"
 #include "eco.h"
+#include "fics_getsalt.h"
 #include "ficsmain.h"
 #include "formula.h"
 #include "gamedb.h"
@@ -538,7 +539,7 @@ com_password(int p, param_list param)
 {
 	char	*oldpassword = param[0].val.word;
 	char	*newpassword = param[1].val.word;
-	char	 salt[6];
+	char	 salt[FICS_SALT_SIZE];
 
 	if (!parray[p].registered) {
 		pprintf(p, "Setting a password is only for registered players."
@@ -547,12 +548,8 @@ com_password(int p, param_list param)
 	}
 
 	if (parray[p].passwd) {
-		salt[0] = '$';
-		salt[1] = '1';
-		salt[2] = '$';
-		salt[3] = parray[p].passwd[0];
-		salt[4] = parray[p].passwd[1];
-		salt[5] = '\0';
+		strncpy(salt, &(parray[p].passwd[0]), sizeof salt - 1);
+		salt[sizeof salt - 1] = '\0';
 
 		if (strcmp(crypt(oldpassword, salt), parray[p].passwd)) {
 			pprintf(p, "Incorrect password, password not changed!"
@@ -564,12 +561,7 @@ com_password(int p, param_list param)
 		parray[p].passwd = NULL;
 	}
 
-	salt[0] = '$';
-	salt[1] = '1';
-	salt[2] = '$';
-	salt[3] = ('a' + rand() % 26);
-	salt[4] = ('a' + rand() % 26);
-	salt[5] = '\0';
+	strcpy(salt, fics_getsalt());
 	parray[p].passwd = xstrdup(crypt(newpassword, salt));
 
 	pprintf(p, "Password changed to \"%s\".\n", newpassword);
diff --git a/FICS/fics_addplayer.c b/FICS/fics_addplayer.c
index fb7e831..2c9518d 100644
--- a/FICS/fics_addplayer.c
+++ b/FICS/fics_addplayer.c
@@ -25,9 +25,10 @@
 */
 
 #include "stdinclude.h"
+#include "common.h"
 
 #include "command.h"
-#include "common.h"
+#include "fics_getsalt.h"
 #include "playerdb.h"
 #include "utils.h"
 
@@ -51,7 +52,7 @@ PUBLIC int
 main(int argc, char *argv[])
 {
 	char	 password[PASSLEN + 1];
-	char	 salt[6];
+	char	 salt[FICS_SALT_SIZE];
 	char	 text[2048];
 	int	 i;
 	int	 p;
@@ -115,12 +116,7 @@ main(int argc, char *argv[])
 		password[i] = ('a' + rand() % 26);
 	password[i] = '\0';
 
-	salt[0] = '$';
-	salt[1] = '1';
-	salt[2] = '$';
-	salt[3] = ('a' + rand() % 26);
-	salt[4] = ('a' + rand() % 26);
-	salt[5] = '\0';
+	strcpy(salt, fics_getsalt());
 	parray[p].passwd = xstrdup(crypt(password, salt));
 	parray[p].registered = 1;
 //	parray[p].network_player = !local;
-- 
cgit v1.2.3