# include <openssl/des.h>
#endif
#ifndef NO_APR1
-# include <openssl/des.h>
+# include <openssl/md5.h>
#endif
* -reverse - switch table columns
*/
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
int ret = 1;
int in_stdin = 0;
char *salt = NULL, *passwd = NULL, **passwds = NULL;
char *salt_malloc = NULL, *passwd_malloc = NULL;
+ size_t passwd_malloc_size = 0;
int pw_source_defined = 0;
BIO *in = NULL, *out = NULL;
int i, badopt, opt_done;
if (passwds == NULL)
{
/* no passwords on the command line */
- passwd = passwd_malloc = Malloc(pw_maxlen + 1);
+
+ passwd_malloc_size = pw_maxlen + 2;
+ /* longer than necessary so that we can warn about truncation */
+ passwd = passwd_malloc = Malloc(passwd_malloc_size);
if (passwd_malloc == NULL)
goto err;
}
passwds = passwds_static;
if (in == NULL)
- if (EVP_read_pw_string(passwd_malloc, pw_maxlen + 1, "Password: ", 0) != 0)
+ if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
goto err;
passwds[0] = passwd_malloc;
}
MD5_Init(&md2);
MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf,
- (i & 1) ? passwd_len : sizeof buf);
+ (i & 1) ? passwd_len : sizeof buf);
if (i % 3)
MD5_Update(&md2, salt_out, salt_len);
if (i % 7)
MD5_Update(&md2, passwd, passwd_len);
- MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd,
+ MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd,
(i & 1) ? sizeof buf : passwd_len);
MD5_Final(buf, &md2);
}
buf_perm[dest] = buf[source];
buf_perm[14] = buf[5];
buf_perm[15] = buf[11];
+#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */
assert(16 == sizeof buf_perm);
+#endif
output = salt_out + salt_len;
assert(output == out_buf + strlen(out_buf));