Skip to content
Snippets Groups Projects
Commit 6e1da913 authored by Toby Murray's avatar Toby Murray
Browse files

secure password input -- but not storage

parent a0859a0d
No related branches found
No related tags found
No related merge requests found
......@@ -2,6 +2,8 @@
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#include <pwd.h>
#include <unistd.h>
#include "debug.h"
......@@ -472,16 +474,13 @@ static int execute(void){
if (numToks != 2){
return -1;
}
printf("Enter master password: ");
char * res = fgets(pwbuf,sizeof(pwbuf),stdin);
char * pwtoks[1];
const unsigned int numPWToks = tokenise(pwbuf,pwtoks,1);
if (res == NULL || numPWToks != 1 || strcmp(pwtoks[0],toks[1]) != 0){
fprintf(stderr,"Master password incorrect! Exiting immediately.\n");
const char * pass = getpass("Enter master password: ");
if (pass == NULL || strcmp(pass,toks[1]) != 0){
fprintf(stderr,"Master password incorrect!\n");
#ifdef PASSBOOK_FUZZ // actually don't exit but keep going when fuzzing
return -1;
#else
exit(1);
exit(1); // exit immediately
#endif
}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment