Skip to content
Snippets Groups Projects
Commit 1571dc22 authored by Toby Murray's avatar Toby Murray
Browse files

add paster pw checking

parent 7b6e02a4
No related branches found
No related tags found
No related merge requests found
...@@ -15,8 +15,8 @@ CFLAGS += -W -Wall -Wpedantic -Wno-language-extension-token ...@@ -15,8 +15,8 @@ CFLAGS += -W -Wall -Wpedantic -Wno-language-extension-token
CLANG ?= clang-6.0 CLANG ?= clang-6.0
CC=$(CLANG) CC=$(CLANG)
SAN_FLAGS ?= -fsanitize=address -fno-omit-frame-pointer SAN_FLAGS ?= -fsanitize=address -fno-omit-frame-pointer -DPASSBOOK_FUZZ
FUZZ_FLAGS ?= -DPASSBOOK_LIBFUZZER -fsanitize=fuzzer,address -fno-omit-frame-pointer FUZZ_FLAGS ?= -DPASSBOOK_LIBFUZZER -fsanitize=fuzzer,address -fno-omit-frame-pointer -DPASSBOOK_FUZZ
NO_STRICT_OVERFLOW_CFLAGS ?= -fwrapv -fno-strict-overflow -Wstrict-overflow NO_STRICT_OVERFLOW_CFLAGS ?= -fwrapv -fno-strict-overflow -Wstrict-overflow
COV_FLAGS ?= -fprofile-instr-generate -fcoverage-mapping COV_FLAGS ?= -fprofile-instr-generate -fcoverage-mapping
......
...@@ -28,6 +28,8 @@ const char INSTRUCTION_SAVE[] = "save"; ...@@ -28,6 +28,8 @@ const char INSTRUCTION_SAVE[] = "save";
const char INSTRUCTION_LIST[] = "list"; const char INSTRUCTION_LIST[] = "list";
const char INSTRUCTION_MASTERPW[] = "masterpw";
typedef struct { typedef struct {
char * username; char * username;
char * password; char * password;
...@@ -223,9 +225,13 @@ unsigned int tokenise(char *str, char * toks[], unsigned int toksLen){ ...@@ -223,9 +225,13 @@ unsigned int tokenise(char *str, char * toks[], unsigned int toksLen){
/* two extra chars in each line: the newline '\n' and NUL '\0' */ /* two extra chars in each line: the newline '\n' and NUL '\0' */
#define INSTRUCTION_LENGTH (MAX_LINE_LENGTH+2) #define INSTRUCTION_LENGTH (MAX_LINE_LENGTH+2)
/* a global instruction buffer */ /* a global instruction buffer */
char inst[INSTRUCTION_LENGTH]; char inst[INSTRUCTION_LENGTH];
/* a global buffer to hold master password input. */
char pwbuf[INSTRUCTION_LENGTH];
/* password mapping for each url: initially empty */ /* password mapping for each url: initially empty */
node_t * map = NULL; node_t * map = NULL;
...@@ -371,16 +377,29 @@ void node_save(const node_t *p, FILE *f){ ...@@ -371,16 +377,29 @@ void node_save(const node_t *p, FILE *f){
fprintf(f,"\n"); fprintf(f,"\n");
} }
void masterpw_save(const char *pw, FILE *f){
fprintf(f,"%s",INSTRUCTION_MASTERPW);
fprintf(f," ");
fprintf(f,"%s",pw);
fprintf(f,"\n");
}
/* level order (i.e. breadth-first) traversal to print nodes out in the /* level order (i.e. breadth-first) traversal to print nodes out in the
order that they would need to be put back in to an empty tree to ensure order that they would need to be put back in to an empty tree to ensure
that the resulting tree has the same structure as the original one that that the resulting tree has the same structure as the original one that
was printed out. Returns 0 on success; nonzero on failure */ was printed out. Returns 0 on success; nonzero on failure */
int save_levelorder(const node_t *p, const char * filename){ int save_levelorder(const node_t *p, const char *masterpw,
const char * filename){
#ifdef PASSBOOK_FUZZ // ignore the file name when fuzzing
FILE *f = fopen(".passbook_fuzz_save_file","w");
#else
FILE *f = fopen(filename,"w"); FILE *f = fopen(filename,"w");
#endif
if (f == NULL){ if (f == NULL){
fprintf(stderr,"Couldn't open file %s for writing.\n",filename); fprintf(stderr,"Couldn't open file %s for writing.\n",filename);
return -1; return -1;
} }
masterpw_save(masterpw,f);
nodeptr_list_t lst = {.head = NULL, .last = NULL}; nodeptr_list_t lst = {.head = NULL, .last = NULL};
if (p != NULL){ if (p != NULL){
lst = list_push(lst,p); lst = list_push(lst,p);
...@@ -440,15 +459,32 @@ static int execute(void){ ...@@ -440,15 +459,32 @@ static int execute(void){
map = put(map,toks[1],cred); map = put(map,toks[1],cred);
} else if (strcmp(toks[0],INSTRUCTION_SAVE) == 0){ } else if (strcmp(toks[0],INSTRUCTION_SAVE) == 0){
if (numToks != 2){ if (numToks != 3){
return -1; return -1;
} }
debug_printf("Saving to: %s\n",toks[1]); debug_printf("Saving under master password %s to file: %s\n",toks[1],toks[2]);
if (save_levelorder(map,toks[1]) != 0){ if (save_levelorder(map,toks[1],toks[2]) != 0){
return -1; return -1;
} }
debug_printf("---\n"); debug_printf("---\n");
} else if (strcmp(toks[0],INSTRUCTION_MASTERPW) == 0){
if (numToks != 2){
return -1;
}
printf("Enter master password: ");
char * res = fgets(pwbuf,sizeof(pwbuf),stdin);
char * pwtoks[1];
const unsigned int numPWToks = tokenise(pwbuf,pwtoks,1);
if (res == NULL || numPWToks != 1 || strcmp(pwtoks[0],toks[1]) != 0){
fprintf(stderr,"Master password incorrect! Exiting immediately.\n");
#ifdef PASSBOOK_FUZZ // actually don't exit but keep going when fuzzing
return -1;
#else
exit(1);
#endif
}
} else if (strcmp(toks[0],INSTRUCTION_LIST) == 0){ } else if (strcmp(toks[0],INSTRUCTION_LIST) == 0){
if (numToks != 1){ if (numToks != 1){
return -1; return -1;
...@@ -473,7 +509,7 @@ static int run(FILE *f){ ...@@ -473,7 +509,7 @@ static int run(FILE *f){
int instructionCount = 0; int instructionCount = 0;
while (instructionCount < MAX_INSTRUCTIONS){ while (instructionCount < MAX_INSTRUCTIONS){
memset(inst,0,sizeof(inst)); memset(inst,0,sizeof(inst));
char * res = fgets(inst,MAX_LINE_LENGTH+2,f); char * res = fgets(inst,sizeof(inst),f);
if (res == NULL){ if (res == NULL){
if (feof(f)){ if (feof(f)){
/* end of file */ /* end of file */
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment