Fix auth for Debian 10

1 files changed, 10 insertions, 14 deletions

diff --git a/auth.cpp b/auth.cpp
index c9c9765..451c1ce 100644
--- a/auth.cpp
+++ b/auth.cpp
@@ -11,16 +11,18 @@ std::string Auth::generate(const std::string& pw)
 {
  struct crypt_data data;
  memset((void *)&data, '\0', sizeof(data));
+
+ char setting[1000];
  
- if (crypt_gensalt_rn("$6$", 2000, nullptr, 0, data.setting, sizeof(data.setting)) == nullptr)
+ if (crypt_gensalt_rn("$6$", 2000, nullptr, 0, setting, sizeof(setting)) == nullptr)
   throw std::runtime_error("Error on crypt_gensalt_r()");
 
- strncpy(data.input, pw.data(), sizeof(data.input));
+ char* result;
 
- if (crypt_r(data.input, data.setting, &data) == nullptr)
+ if ((result = crypt_r(pw.data(), setting, &data)) == nullptr)
   throw std::runtime_error("Error on crypt_r()");
 
- return data.output;
+ return result;
 }
 
 // validate specified password against crypted hash
@@ -35,20 +37,14 @@ bool Auth::validate(const std::string& crypted, const std::string& pw)
   return false;
  }
 
- if (sizeof(data.setting) <= pos) {
-  std::cerr << "Warning: Bad password hash configured (salt size)" << std::endl;
-  return false;
- }
-
- memcpy(&data.setting, crypted.data(), pos);
-
- strncpy(data.input, pw.data(), sizeof(data.input));
+ std::string setting{crypted.substr(0, pos)};
 
- if (crypt_r(data.input, data.setting, &data) == nullptr) {
+ char* output;
+ if ((output = crypt_r(pw.data(), setting.data(), &data)) == nullptr) {
   std::cerr << "Warning: Error on crypt_r()" << std::endl;
   return false;
  }
 
- return crypted == data.output;
+ return crypted == output;
 }