* Copyright 2014
* The Board of Trustees of the Leland Stanford Junior University
*
- * See LICENSE for licensing terms.
+ * SPDX-License-Identifier: MIT
*/
#include <config.h>
const char *password)
{
krb5_error_code code;
- size_t length, prefix_length, suffix_length;
+ size_t length;
+ int prefix_length, suffix_length;
char *prefix = NULL;
char *drowssap = NULL;
bool found = false;
* Determine the length of the prefix and suffix into which we'll divide
* the string. Passwords shorter than two characters cannot be
* meaningfully checked using this method and cause boundary condition
- * problems.
+ * problems. Passwords longer than INT_MAX cannot be passed to the SQLite
+ * library.
*/
length = strlen(password);
- if (length < 2)
+ if (length < 2 || length > INT_MAX)
return 0;
- prefix_length = length / 2;
- suffix_length = length - prefix_length;
+ prefix_length = (int) length / 2;
+ suffix_length = (int) length - prefix_length;
/* Obtain the reversed password, used for suffix checks. */
drowssap = reverse_string(password);
goto found;
/* No match. Clean up and return success. */
- memset(prefix, 0, length);
- memset(drowssap, 0, length);
+ explicit_bzero(prefix, length);
+ explicit_bzero(drowssap, length);
free(prefix);
free(drowssap);
return 0;
code = strength_error_dict(ctx, ERROR_DICT);
fail:
- memset(prefix, 0, length);
- memset(drowssap, 0, length);
+ if (prefix != NULL)
+ explicit_bzero(prefix, length);
+ explicit_bzero(drowssap, length);
free(prefix);
free(drowssap);
return code;