extern/encfs
1
0
Fork 0
mirror of https://github.com/vgough/encfs.git synced 2024-11-25 01:13:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

Exit with a fatal error on empty password

Browse Source 
The requirement that the password is not empty was not enforced
properly in all getUserKey() variants. Add the check to makeKey()
instead that is called in every code path.

This also fixes the crash desribed at https://github.com/vgough/encfs/issues/241 .
This commit is contained in:
Jakob Unterwurzacher 2017-02-05 13:52:48 +01:00
parent e9592fade4
commit 5994b28542
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
encfs/FileUtils.cpp
View File

@ -1348,6 +1348,11 @@ CipherKey EncFSConfig::makeKey(const char *password, int passwdLen) {
CipherKey userKey;
std::shared_ptr<Cipher> cipher = getCipher();
if (passwdLen == 0) {
cerr << _("fatal: zero-length passwords are not allowed\n");
exit(1);
}
// if no salt is set and we're creating a new password for a new
// FS type, then initialize salt..
if (salt.size() == 0 && kdfIterations == 0 && cfgType >= Config_V6) {
@ -1389,10 +1394,12 @@ CipherKey EncFSConfig::getUserKey(bool useStdin) {
}
CipherKey userKey;
if (!res)
cerr << _("Zero length password not allowed\n");
else
if (!res) {
cerr << _("fatal: error reading password\n");
exit(1);
} else {
userKey = makeKey(passBuf, strlen(passBuf));
}
memset(passBuf, 0, sizeof(passBuf));