Skip to content
Snippets Groups Projects
Commit 5c69f942 authored by Toby Murray's avatar Toby Murray
Browse files

don't check master pw when fuzzing etc. but vulns might still reveal it

parent a025c63e
Branches
No related tags found
No related merge requests found
...@@ -474,15 +474,16 @@ static int execute(void){ ...@@ -474,15 +474,16 @@ static int execute(void){
if (numToks != 2){ if (numToks != 2){
return -1; return -1;
} }
// when fuzzing (or gathering coverage stats, etc.) don't check master pw
#ifndef PASSBOOK_FUZZ
const char * pass = getpass("Enter master password: "); const char * pass = getpass("Enter master password: ");
if (pass == NULL || strcmp(pass,toks[1]) != 0){ if (pass == NULL || strcmp(pass,toks[1]) != 0){
fprintf(stderr,"Master password incorrect!\n"); fprintf(stderr,"Master password incorrect!\n");
#ifdef PASSBOOK_FUZZ // actually don't exit but keep going when fuzzing
return -1;
#else
exit(1); // exit immediately exit(1); // exit immediately
#endif
} }
#else
return -1;
#endif
} else if (strcmp(toks[0],INSTRUCTION_LIST) == 0){ } else if (strcmp(toks[0],INSTRUCTION_LIST) == 0){
if (numToks != 1){ if (numToks != 1){
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment