--- hashalot-0.3.orig/hashalot.c +++ hashalot-0.3/hashalot.c @@ -28,25 +28,28 @@ #include "rmd160.h" #include "sha512.h" -#define PASSWDBUFFLEN 130 - typedef int (*phash_func_t)(char dest[], size_t dest_len, const char src[], size_t src_len); +static void * +xmalloc (size_t size); + static int phash_rmd160(char dest[], size_t dest_len, const char src[], size_t src_len) { - char tmp[PASSWDBUFFLEN] = { 'A', 0, }; char key[RMD160_HASH_SIZE * 2] = { 0, }; + char *tmp = xmalloc(src_len + 2); + tmp[0] = 'A'; + tmp[1] = '\0'; - strncpy(tmp + 1, src, PASSWDBUFFLEN - 1); - tmp[PASSWDBUFFLEN - 1] = '\0'; + strncpy(tmp + 1, src, src_len); + tmp[src_len + 1] = '\0'; rmd160_hash_buffer(key, src, src_len); - rmd160_hash_buffer(key + RMD160_HASH_SIZE, tmp, src_len + 1 /* dangerous! */); + rmd160_hash_buffer(key + RMD160_HASH_SIZE, tmp, src_len + 1); memcpy(dest, key, dest_len); - memset (tmp, 0, PASSWDBUFFLEN); /* paranoia */ + memset (tmp, 0, src_len + 2); /* paranoia */ memset (key, 0, RMD160_HASH_SIZE * 2); /* paranoia */ return dest_len; @@ -182,7 +185,7 @@ /* function to append a "salt" to the passphrase, to better resist * dictionary attacks */ static char * -salt_passphrase(char *pass, char *salt) { +salt_passphrase(char *pass, const char *salt) { char *buf = xmalloc(strlen(pass) + strlen(salt) + 1); sprintf(buf, "%s%s", pass, salt); @@ -213,8 +216,9 @@ size_t hashlen = 0; phash_func_t func; int hex_output = 0, c; + int quiet = 0; - while ((c = getopt(argc, argv, "n:s:x")) != -1) { + while ((c = getopt(argc, argv, "n:s:qx")) != -1) { switch (c) { case 'n': hashlen = strtoul(optarg, &p, 0); @@ -229,6 +233,9 @@ case 's': salt = optarg; break; + case 'q': + quiet++; + break; case 'x': hex_output++; break; @@ -257,7 +264,7 @@ passhash = xmalloc(2*hashlen + 2); /* try to lock memory so it doesn't get swapped out for sure */ - if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) { + if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1 && !quiet) { perror("mlockall"); fputs("Warning: couldn't lock memory, are you root?\n", stderr); }