From 44aa999598af1e798321d595372dac84eaf8a2ba Mon Sep 17 00:00:00 2001 From: Patrick Griffis Date: Wed, 13 Apr 2016 18:46:20 -0400 Subject: [PATCH] Fix challengeauth lower casing username --- src/common/util.c | 20 +++++++++++++++++--- src/common/util.h | 2 +- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/src/common/util.c b/src/common/util.c index 5c4eb8bf..490c3cd2 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1414,6 +1414,21 @@ str_sha256hash (char *string) return g_strdup (buf); } +static char * +rfc_strlower (const char *str) +{ + size_t i, len = strlen(str); + char *lower = g_new(char, len + 1); + + for (i = 0; i < len; ++i) + { + lower[i] = rfc_tolower(str[i]); + } + lower[i] = '\0'; + + return lower; +} + /** * \brief Generate CHALLENGEAUTH response for QuakeNet login. * @@ -1430,7 +1445,7 @@ str_sha256hash (char *string) * example 2. */ char * -challengeauth_response (char *username, char *password, char *challenge) +challengeauth_response (const char *username, const char *password, const char *challenge) { int i; char *user; @@ -1441,8 +1456,7 @@ challengeauth_response (char *username, char *password, char *challenge) unsigned char *digest; GString *buf = g_string_new_len (NULL, SHA256_DIGEST_LENGTH * 2); - user = g_strdup (username); - *user = rfc_tolower (*username); /* convert username to lowercase as per the RFC */ + user = rfc_strlower (username); /* convert username to lowercase as per the RFC */ pass = g_strndup (password, 10); /* truncate to 10 characters */ passhash = str_sha256hash (pass); diff --git a/src/common/util.h b/src/common/util.h index ba318585..bb377fc8 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -76,7 +76,7 @@ void canonalize_key (char *key); int portable_mode (void); int unity_mode (void); char *encode_sasl_pass_plain (char *user, char *pass); -char *challengeauth_response (char *username, char *password, char *challenge); +char *challengeauth_response (const char *username, const char *password, const char *challenge); size_t strftime_validated (char *dest, size_t destsize, const char *format, const struct tm *time); gsize strftime_utf8 (char *dest, gsize destsize, const char *format, time_t time); #endif