Index: ratbox-services/src/rserv.c
===================================================================
--- ratbox-services.orig/src/rserv.c 2014-01-26 21:14:29.000000000 +0100
+++ ratbox-services/src/rserv.c 2014-01-26 21:16:52.000000000 +0100
@@ -190,7 +190,10 @@
static void
check_md5_crypt(void)
{
- if(strcmp((crypt("validate", "$1$tEsTiNg1")), "$1$tEsTiNg1$Orp/Maa6pOxfOpGWjmtVE/") == 0)
+ char *crypt_passwd = NULL;
+
+ crypt_passwd = crypt("validate", "$1$tEsTiNg1");
+ if(crypt_passwd && strcmp(crypt_passwd, "$1$tEsTiNg1$Orp/Maa6pOxfOpGWjmtVE/") == 0)
have_md5_crypt = 1;
else
have_md5_crypt = 0;
Index: ratbox-services/src/service.c
===================================================================
--- ratbox-services.orig/src/service.c 2014-01-26 21:14:29.000000000 +0100
+++ ratbox-services/src/service.c 2014-01-26 21:16:52.000000000 +0100
@@ -948,7 +948,7 @@
else
crpass = parv[1];
- if(strcmp(crpass, oper_p->pass))
+ if(!crpass || strcmp(crpass, oper_p->pass))
{
sendto_server(":%s NOTICE %s :Invalid password",
MYUID, UID(client_p));
Index: ratbox-services/src/s_userserv.c
===================================================================
--- ratbox-services.orig/src/s_userserv.c 2014-01-26 21:14:29.000000000 +0100
+++ ratbox-services/src/s_userserv.c 2014-01-26 21:16:52.000000000 +0100
@@ -656,6 +656,11 @@
strlcpy(reg_p->name, parv[0], sizeof(reg_p->name));
password = get_crypt(parv[1], NULL);
+ if (!password)
+ {
+ service_snd(userserv_p, client_p, conn_p, SVC_ENCRYPTIONERROR);
+ return 0;
+ }
reg_p->password = my_strdup(password);
if(!EmptyString(parv[2]))
@@ -1004,6 +1009,11 @@
"USERSETPASS %s", ureg_p->name);
password = get_crypt(parv[1], NULL);
+ if (!password)
+ {
+ service_snd(userserv_p, client_p, conn_p, SVC_ENCRYPTIONERROR);
+ return 0;
+ }
my_free(ureg_p->password);
ureg_p->password = my_strdup(password);
@@ -1253,6 +1263,11 @@
"REGISTER %s %s", parv[0], EmptyString(parv[2]) ? "" : parv[2]);
password = get_crypt(parv[1], NULL);
+ if (!password)
+ {
+ service_snd(userserv_p, client_p, conn_p, SVC_ENCRYPTIONERROR);
+ return 0;
+ }
reg_p = BlockHeapAlloc(user_reg_heap);
strcpy(reg_p->name, parv[0]);
@@ -1392,6 +1407,11 @@
}
password = get_crypt(parv[1], reg_p->password);
+ if (!password)
+ {
+ service_snd(userserv_p, client_p, conn_p, SVC_ENCRYPTIONERROR);
+ return 0;
+ }
if(strcmp(password, reg_p->password))
{
@@ -1576,6 +1596,11 @@
if(strcmp(data.row[0][0], parv[1]) == 0)
{
const char *password = get_crypt(parv[2], NULL);
+ if (!password)
+ {
+ service_snd(userserv_p, client_p, conn_p, SVC_ENCRYPTIONERROR);
+ return 0;
+ }
/* need to execute another query.. */
rsdb_exec_fetch_end(&data);
@@ -1864,6 +1889,11 @@
}
password = get_crypt(parv[1], ureg_p->password);
+ if (!password)
+ {
+ service_snd(userserv_p, client_p, conn_p, SVC_ENCRYPTIONERROR);
+ return 0;
+ }
if(strcmp(password, ureg_p->password))
{
@@ -1874,6 +1904,11 @@
zlog(userserv_p, 3, 0, 0, client_p, NULL, "SET PASS");
password = get_crypt(parv[2], NULL);
+ if (!password)
+ {
+ service_snd(userserv_p, client_p, conn_p, SVC_ENCRYPTIONERROR);
+ return 0;
+ }
my_free(ureg_p->password);
ureg_p->password = my_strdup(password);
Index: ratbox-services/src/ucommand.c
===================================================================
--- ratbox-services.orig/src/ucommand.c 2014-01-26 21:14:29.000000000 +0100
+++ ratbox-services/src/ucommand.c 2014-01-26 21:16:52.000000000 +0100
@@ -251,7 +251,7 @@
else
crpass = parv[1];
- if(strcmp(oper_p->pass, crpass))
+ if(!crpass || strcmp(oper_p->pass, crpass))
{
sendto_one(conn_p, "Invalid password");
return 0;
Index: ratbox-services/include/langs.h
===================================================================
--- ratbox-services.orig/include/langs.h 2014-01-26 21:14:29.000000000 +0100
+++ ratbox-services/include/langs.h 2014-01-26 21:16:52.000000000 +0100
@@ -61,6 +61,7 @@
SVC_ENDOFLISTLIMIT,
SVC_USECOMMANDSHORTCUT,
SVC_INVALIDMASK,
+ SVC_ENCRYPTIONERROR,
/* general irc related */
SVC_IRC_NOSUCHCHANNEL,
Index: ratbox-services/src/messages.c
===================================================================
--- ratbox-services.orig/src/messages.c 2014-01-26 21:14:29.000000000 +0100
+++ ratbox-services/src/messages.c 2014-01-26 21:16:52.000000000 +0100
@@ -54,6 +54,7 @@
{ SVC_ENDOFLISTLIMIT, "End of list, limit reached" },
{ SVC_USECOMMANDSHORTCUT, "Commands to this service must be issued via /%s instead of by name." },
{ SVC_INVALIDMASK, "Invalid mask %s" },
+ { SVC_ENCRYPTIONERROR, "Encryption error" },
/* general irc related */
{ SVC_IRC_NOSUCHCHANNEL, "Channel %s does not exist" },
Index: ratbox-services/langs/example.lang
===================================================================
--- ratbox-services.orig/langs/example.lang 2014-01-26 14:49:12.099119403 +0100
+++ ratbox-services/langs/example.lang 2014-01-26 21:37:22.999890826 +0100
@@ -29,6 +29,7 @@
SVC_ENDOFLISTLIMIT, "End of list, limit reached"
SVC_USECOMMANDSHORTCUT, "Commands to this service must be issued via /%s instead of by name."
SVC_INVALIDMASK, "Invalid mask %s"
+SVC_ENCRYPTIONERROR, "Encryption error"
# general irc related
SVC_IRC_NOSUCHCHANNEL, "Channel %s does not exist"
Index: ratbox-services/src/langs.c
===================================================================
--- ratbox-services.orig/src/langs.c 2014-01-26 14:49:12.143119259 +0100
+++ ratbox-services/src/langs.c 2014-01-26 21:36:27.592144355 +0100
@@ -72,6 +72,7 @@
"SVC_ENDOFLISTLIMIT",
"SVC_USECOMMANDSHORTCUT",
"SVC_INVALIDMASK",
+ "SVC_ENCRYPTIONERROR",
/* general irc related */
"SVC_IRC_NOSUCHCHANNEL",