Browse Source

md5 passwords: reduce static usage

    text           data     bss     dec     hex filename
-   1875              0     120    1995     7cb libcrypt/md5.o
+   1855              0      35    1890     762 libcrypt/md5.o

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Denys Vlasenko 14 years ago
parent
commit
6943b8336e
1 changed files with 11 additions and 8 deletions
  1. 11 8
      libcrypt/md5.c

+ 11 - 8
libcrypt/md5.c

@@ -531,7 +531,8 @@ static void __md5_to64( char *s, unsigned long v, int n)
 char *__md5_crypt(const unsigned char *pw, const unsigned char *salt)
 char *__md5_crypt(const unsigned char *pw, const unsigned char *salt)
 {
 {
 	/* Static stuff */
 	/* Static stuff */
-	static char passwd[120];
+	/* "$1$" + salt_up_to_8_chars + "$" + 22_bytes_of_hash + NUL */
+	static char passwd[3 + 8 + 1 + 22 + 1];
 
 
 	const unsigned char *sp, *ep;
 	const unsigned char *sp, *ep;
 	char *p;
 	char *p;
@@ -584,9 +585,9 @@ char *__md5_crypt(const unsigned char *pw, const unsigned char *salt)
 	}
 	}
 
 
 	/* Now make the output string */
 	/* Now make the output string */
-	strcpy(passwd,__md5__magic);
-	strncat(passwd,sp,sl);
-	strcat(passwd,"$");
+	strcpy(passwd,__md5__magic); /* 3 bytes */
+	strncpy(passwd+MD5_MAGIC_LEN,(char*)sp,sl); /* 8 or less */
+	passwd[MD5_MAGIC_LEN+sl] = '$';
 
 
 	__md5_Final(final,&ctx);
 	__md5_Final(final,&ctx);
 
 
@@ -615,15 +616,17 @@ char *__md5_crypt(const unsigned char *pw, const unsigned char *salt)
 		__md5_Final(final,&ctx1);
 		__md5_Final(final,&ctx1);
 	}
 	}
 
 
-	p = passwd + strlen(passwd);
-
+	/* Add 5*4+2 = 22 bytes of hash, + NUL byte. */
+	p = passwd + MD5_MAGIC_LEN + sl + 1;
 	final[16] = final[5];
 	final[16] = final[5];
 	for ( i=0 ; i < 5 ; i++ ) {
 	for ( i=0 ; i < 5 ; i++ ) {
 		l = (final[i]<<16) | (final[i+6]<<8) | final[i+12];
 		l = (final[i]<<16) | (final[i+6]<<8) | final[i+12];
-		__md5_to64(p,l,4); p += 4;
+		__md5_to64(p,l,4);
+		p += 4;
 	}
 	}
 	l = final[11];
 	l = final[11];
-	__md5_to64(p,l,2); p += 2;
+	__md5_to64(p,l,2);
+	p += 2;
 	*p = '\0';
 	*p = '\0';
 
 
 	/* Don't leave anything around in vm they could use. */
 	/* Don't leave anything around in vm they could use. */