diff options
| author | Madelyn Olson <matolson@amazon.com> | 2020-05-14 11:07:51 -0700 |
|---|---|---|
| committer | antirez <antirez@gmail.com> | 2020-05-22 12:37:49 +0200 |
| commit | cdcf5af5aa0cf8dcff4e78dded1ca8c5fb818b5f (patch) | |
| tree | ed6a4a19b093cb365ccef9226282a506fb509bfd | |
| parent | e8b09d22032f3dd1d2d53ea7f433ec6e78a0b180 (diff) | |
| download | redis-cdcf5af5aa0cf8dcff4e78dded1ca8c5fb818b5f.tar.gz | |
Converge hash validation for adding and removing
| -rw-r--r-- | src/acl.c | 35 |
1 files changed, 21 insertions, 14 deletions
@@ -166,6 +166,25 @@ sds ACLHashPassword(unsigned char *cleartext, size_t len) { return sdsnewlen(hex,HASH_PASSWORD_LEN); } +/* Given a hash and the hash length, returns C_OK if it is a valid password + * hash, or C_ERR otherwise. */ +int ACLCheckPasswordHash(unsigned char *hash, int hashlen) { + if (hashlen != HASH_PASSWORD_LEN) { + return C_ERR; + } + + /* Password hashes can only be characters that represent + * hexadecimal values, which are numbers and lowercase + * characters 'a' through 'f'. */ + for(int i = 0; i < HASH_PASSWORD_LEN; i++) { + char c = hash[i]; + if ((c < 'a' || c > 'f') && (c < '0' || c > '9')) { + return C_ERR; + } + } + return C_OK; +} + /* ============================================================================= * Low level ACL API * ==========================================================================*/ @@ -753,22 +772,10 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) { if (op[0] == '>') { newpass = ACLHashPassword((unsigned char*)op+1,oplen-1); } else { - if (oplen != HASH_PASSWORD_LEN + 1) { + if (ACLCheckPasswordHash((unsigned char*)op+1,oplen-1) == C_ERR) { errno = EBADMSG; return C_ERR; } - - /* Password hashes can only be characters that represent - * hexadecimal values, which are numbers and lowercase - * characters 'a' through 'f'. - */ - for(int i = 1; i < HASH_PASSWORD_LEN + 1; i++) { - char c = op[i]; - if ((c < 'a' || c > 'f') && (c < '0' || c > '9')) { - errno = EBADMSG; - return C_ERR; - } - } newpass = sdsnewlen(op+1,oplen-1); } @@ -784,7 +791,7 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) { if (op[0] == '<') { delpass = ACLHashPassword((unsigned char*)op+1,oplen-1); } else { - if (oplen != HASH_PASSWORD_LEN + 1) { + if (ACLCheckPasswordHash((unsigned char*)op+1,oplen-1) == C_ERR) { errno = EBADMSG; return C_ERR; } |