* grub-core/tests/legacy_password_test.c: New test.

* grub-core/commands/legacycfg.c: Remove variable length arrays.
2013-11-12 02:38:33 +01:00 · 2013-11-12 02:38:33 +01:00 · 15decd26cc
commit 15decd26cc
parent 9c6482b8d6
6 changed files with 114 additions and 16 deletions
--- a/grub-core/commands/legacycfg.c
+++ b/grub-core/commands/legacycfg.c
@ -553,8 +553,13 @@ check_password_md5_real (const char *entered,
  grub_size_t enteredlen = grub_strlen (entered);
  unsigned char alt_result[MD5_HASHLEN];
  unsigned char *digest;
-  grub_uint8_t ctx[GRUB_MD_MD5->contextsize];
+  grub_uint8_t *ctx;
  grub_size_t i;
+  int ret;
+
+  ctx = grub_zalloc (GRUB_MD_MD5->contextsize);
+  if (!ctx)
+    return 0;

  GRUB_MD_MD5->init (ctx);
  GRUB_MD_MD5->write (ctx, entered, enteredlen);
@ -600,7 +605,9 @@ check_password_md5_real (const char *entered,
      GRUB_MD_MD5->final (ctx);
    }

-  return (grub_crypto_memcmp (digest, pw->hash, MD5_HASHLEN) == 0);
+  ret = (grub_crypto_memcmp (digest, pw->hash, MD5_HASHLEN) == 0);
+  grub_free (ctx);
+  return ret;
 }

 static grub_err_t
@ -723,18 +730,11 @@ grub_cmd_legacy_password (struct grub_command *mycmd __attribute__ ((unused)),
 					      NULL);
 }

-static grub_err_t
-grub_cmd_legacy_check_password (struct grub_command *mycmd __attribute__ ((unused)),
-				int argc, char **args)
+int
+grub_legacy_check_md5_password (int argc, char **args,
+				char *entered)
 {
  struct legacy_md5_password *pw = NULL;
-  char entered[GRUB_AUTH_MAX_PASSLEN];
-
-  if (argc == 0)
-    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
-  grub_puts_ (N_("Enter password: "));
-  if (!grub_password_get (entered, GRUB_AUTH_MAX_PASSLEN))
-    return GRUB_ACCESS_DENIED;

  if (args[0][0] != '-' || args[0][1] != '-')
    {
@ -743,17 +743,31 @@ grub_cmd_legacy_check_password (struct grub_command *mycmd __attribute__ ((unuse
      grub_memset (correct, 0, sizeof (correct));
      grub_strncpy (correct, args[0], sizeof (correct));

-      if (grub_crypto_memcmp (entered, correct, GRUB_AUTH_MAX_PASSLEN) != 0)
-	return GRUB_ACCESS_DENIED;
-      return GRUB_ERR_NONE;
+      return grub_crypto_memcmp (entered, correct, GRUB_AUTH_MAX_PASSLEN) == 0;
    }

  pw = parse_legacy_md5 (argc, args);

  if (!pw)
+    return 0;
+
+  return check_password_md5_real (entered, pw);
+}
+
+static grub_err_t
+grub_cmd_legacy_check_password (struct grub_command *mycmd __attribute__ ((unused)),
+				int argc, char **args)
+{
+  char entered[GRUB_AUTH_MAX_PASSLEN];
+
+  if (argc == 0)
+    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
+  grub_puts_ (N_("Enter password: "));
+  if (!grub_password_get (entered, GRUB_AUTH_MAX_PASSLEN))
    return GRUB_ACCESS_DENIED;

-  if (!check_password_md5_real (entered, pw))
+  if (!grub_legacy_check_md5_password (argc, args,
+				       entered))
    return GRUB_ACCESS_DENIED;

  return GRUB_ERR_NONE;