authorFedja Beader <fedja@protonmail.ch>2025-02-11 13:42:10 +0100
committerFedja Beader <fedja@protonmail.ch>2025-02-11 13:47:07 +0100
commit7397c749e140252cdf006af551d0ca8afaa48e18 (patch)
tree223bfd8273394c1211de3918f65d7de4a9bec2e4
parent9b4bfd9a667133563219cb44a4f50ea663bcec2e (diff)
Fix "'%s' directive output may be truncated writing up to 33 bytes into a region of size 30 [-Werror=format-truncation=]"
+ some explanations of what's going on + an example password from my own local test server. Some other buffers could also be shortened, but I CBA. MD5 is outdated anyways.
-rw-r--r--src/elogin/md5calc.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/src/elogin/md5calc.c b/src/elogin/md5calc.c
index a0d58e3..ef7f565 100644
--- a/src/elogin/md5calc.c
+++ b/src/elogin/md5calc.c
@@ -309,6 +309,10 @@ void MD5_String (const char *string, char *output)
digest[12], digest[13], digest[14], digest[15]);
}
+// This is how a TMWA password field looks like:
+// !6Qnn?$df606a4e79d93e208739004c
+// that is: '!' + 5 byte salt + '$' + 24 byte hash = 31 characters long.
+
// Hash a password with a salt.
char *MD5_saltcrypt(const char *key, const char *salt)
{
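Review bot: The sample line in the new comment is, per the commit message, a stored password field taken from a test server. It exposes the salt and a truncated MD5-based hash, so unless that password is a throwaway it is safer to show a constructed value here. The wording can also be tightened, since the part after `$` is 24 characters of the (presumably hex) digest string rather than 24 bytes, e.g. `// '!' + 5-char salt + '$' + first 24 chars of the hex digest = 31 chars (+ NUL = 32)`. MD5_saltcrypt's body continues outside this hunk.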
@@ -316,7 +320,7 @@ char *MD5_saltcrypt(const char *key, const char *salt)
return 0;
char buf[66], *sbuf = buf+32;
- static char obuf[33];
+ static char obuf[32];
// hash the key then the salt
// buf ends up as a 64char null terminated string
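Review bot: `obuf` is `static` and is the pointer the function returns (`return(obuf);` in the next hunk), so each call overwrites the previous result, and nothing in the visible code documents that contract. I would add above the declaration `// Returned pointer refers to this static buffer: valid only until the next call, not thread-safe.` The new size of 32 does match the 31-character layout plus NUL described in the comment added by the first hunk. The function starts and ends outside this hunk.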
@@ -326,7 +330,8 @@ char *MD5_saltcrypt(const char *key, const char *salt)
// Hash the buffer back into sbuf
MD5_String(buf, sbuf);
- snprintf(obuf, 32, "!%s$%s", salt, sbuf);
+ // Force salt to be 5 wide and hash 24-wide.
+ snprintf(obuf, 32, "!%-5.5s$%-24.24s", salt, sbuf);
return(obuf);
}
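Review bot: `%-5.5s` pads a salt shorter than five characters with spaces and cuts a longer one, although the hash in `sbuf` was computed from the full `salt`; the old `"!%s$%s"` emitted the salt as given. pass_ok (last hunk) compares the stored field against this output with strcmp, so a stored field whose salt is not exactly five characters would stop verifying. Whether such records exist is not visible here and is worth confirming before forcing the width. If only five-character salts are valid, an explicit length check that rejects anything else says so more clearly than silent padding. Separately, the size literal can follow the array, `snprintf(obuf, sizeof obuf, ...)`, so the two cannot drift apart again.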
@@ -349,12 +354,12 @@ int pass_ok(const char *password, const char *crypted)
strncpy(buf, crypted, 40);
buf[39] = 0;
- char *ptr = strchr(buf, '$');
+ char *ptr = strchr(buf, '$'); // ptr points to first $ in buf.
if (ptr)
{
- *ptr = '\0';
+ *ptr = '\0'; // salt is now a null terminated string
- if (!strcmp(crypted, MD5_saltcrypt(password, salt)))
+ if (0 == strcmp(crypted, MD5_saltcrypt(password, salt)))
return(1);
}
else
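Review bot: The stored field is checked with `strcmp`, which stops at the first differing byte, so the time pass_ok takes can depend on how many leading characters of the computed value match the stored one. For a credential check, a fixed-length comparison with no early exit is the usual choice. The same line also hands the result of MD5_saltcrypt straight to strcmp although that function has a `return 0;` path (visible at the top of the second hunk), so the result should be tested first unless checks above this hunk already rule that out. pass_ok starts before this hunk and continues past the `else`.

```c
        *ptr = '\0'; // salt is now a null terminated string
        const char *calc = MD5_saltcrypt(password, salt);
        // Fixed-length compare without early exit; 31 = '!' + salt + '$' + hash.
        if (calc && strlen(calc) == 31 && strlen(crypted) == 31)
        {
            unsigned char diff = 0;
            for (size_t i = 0; i < 31; i++)
                diff |= (unsigned char)(calc[i] ^ crypted[i]);
            if (diff == 0)
                return(1);
        }
        // … unchanged: closing brace of the if (ptr) block and the else branch …
```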