summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--libbb/bb_askpass.c17
-rw-r--r--libbb/pw_encrypt.c12
2 files changed, 16 insertions, 13 deletions
diff --git a/libbb/bb_askpass.c b/libbb/bb_askpass.c
index 0f1f68687..5ad234921 100644
--- a/libbb/bb_askpass.c
+++ b/libbb/bb_askpass.c
@@ -9,7 +9,6 @@
*/
#include <termios.h>
-//#include <sys/ioctl.h>
#include "libbb.h"
@@ -20,18 +19,22 @@ static void askpass_timeout(int ATTRIBUTE_UNUSED ignore)
char *bb_askpass(int timeout, const char * prompt)
{
- static char passwd[64];
+ /* Was static char[BIGNUM] */
+ enum { sizeof_passwd = 128 };
+ static char *passwd;
char *ret;
int i;
struct sigaction sa;
struct termios old, new;
+ if (!passwd)
+ passwd = xmalloc(sizeof_passwd);
+ memset(passwd, 0, sizeof_passwd);
+
tcgetattr(STDIN_FILENO, &old);
tcflush(STDIN_FILENO, TCIFLUSH);
- memset(passwd, 0, sizeof(passwd));
-
fputs(prompt, stdout);
fflush(stdout);
@@ -48,7 +51,9 @@ char *bb_askpass(int timeout, const char * prompt)
}
ret = NULL;
- if (read(STDIN_FILENO, passwd, sizeof(passwd)-1) > 0) {
+ /* On timeout, read will hopefully be interrupted by SIGALRM,
+ * and we return NULL */
+ if (read(STDIN_FILENO, passwd, sizeof_passwd-1) > 0) {
ret = passwd;
i = 0;
/* Last byte is guaranteed to be 0
@@ -64,7 +69,7 @@ char *bb_askpass(int timeout, const char * prompt)
}
tcsetattr(STDIN_FILENO, TCSANOW, &old);
- puts("");
+ putchar('\n');
fflush(stdout);
return ret;
}
diff --git a/libbb/pw_encrypt.c b/libbb/pw_encrypt.c
index d546bc883..e9cf4e3b8 100644
--- a/libbb/pw_encrypt.c
+++ b/libbb/pw_encrypt.c
@@ -12,18 +12,16 @@
char *pw_encrypt(const char *clear, const char *salt)
{
- static char cipher[128];
- char *cp;
+ /* Was static char[BIGNUM]. Malloced thing works as well */
+ static char *cipher;
#if 0 /* was CONFIG_FEATURE_SHA1_PASSWORDS, but there is no such thing??? */
if (strncmp(salt, "$2$", 3) == 0) {
return sha1_crypt(clear);
}
#endif
- cp = (char *) crypt(clear, salt);
- /* if crypt (a nonstandard crypt) returns a string too large,
- truncate it so we don't overrun buffers and hope there is
- enough security in what's left */
- safe_strncpy(cipher, cp, sizeof(cipher));
+
+ free(cipher);
+ cipher = xstrdup(crypt(clear, salt));
return cipher;
}