int main(int argc, char *argv[])
{
int attempts = 0;
char *password;
while (attempts++ < 3 && !loggedin)
{
password = getpass_r("Password: "******"0xDEADBEEF") == 0) /* FLAW */
{
loggedin = true;
printf("Logged in\n");
}
else printf("Wrong password\n");
my_memset_s(password, 0, strlen(password));
free(password);
}
}
return 0;
}
APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, apr_size_t *bufsiz)
{
apr_status_t rv = APR_SUCCESS;
#if defined(HAVE_GETPASS_R)
if (getpass_r(prompt, pwbuf, *bufsiz) == NULL)
return APR_EINVAL;
#else
#if defined(HAVE_GETPASSPHRASE)
char *pw_got = getpassphrase(prompt);
#elif defined(HAVE_GETPASS)
char *pw_got = getpass(prompt);
#else /* use the replacement implementation above */
char *pw_got = get_password(prompt);
#endif
if (!pw_got)
return APR_EINVAL;
if (strlen(pw_got) >= *bufsiz) {
rv = APR_ENAMETOOLONG;
}
apr_cpystrn(pwbuf, pw_got, *bufsiz);
memset(pw_got, 0, strlen(pw_got));
#endif /* HAVE_GETPASS_R */
return rv;
}
static CURLcode checkpasswd(const char *kind, /* for what purpose */
const size_t i, /* operation index */
const bool last, /* TRUE if last operation */
char **userpwd) /* pointer to allocated string */
{
char *psep;
char *osep;
if(!*userpwd)
return CURLE_OK;
/* Attempt to find the password separator */
psep = strchr(*userpwd, ':');
/* Attempt to find the options separator */
osep = strchr(*userpwd, ';');
if(!psep && **userpwd != ';') {
/* no password present, prompt for one */
char passwd[256] = "";
char prompt[256];
size_t passwdlen;
size_t userlen = strlen(*userpwd);
char *passptr;
if(osep)
*osep = '\0';
/* build a nice-looking prompt */
if(!i && last)
curlx_msnprintf(prompt, sizeof(prompt),
"Enter %s password for user '%s':",
kind, *userpwd);
else
curlx_msnprintf(prompt, sizeof(prompt),
"Enter %s password for user '%s' on URL #%zu:",
kind, *userpwd, i + 1);
/* get password */
getpass_r(prompt, passwd, sizeof(passwd));
passwdlen = strlen(passwd);
if(osep)
*osep = ';';
/* extend the allocated memory area to fit the password too */
passptr = realloc(*userpwd,
passwdlen + 1 + /* an extra for the colon */
userlen + 1); /* an extra for the zero */
if(!passptr)
return CURLE_OUT_OF_MEMORY;
/* append the password separated with a colon */
passptr[userlen] = ':';
memcpy(&passptr[userlen + 1], passwd, passwdlen + 1);
*userpwd = passptr;
}
return CURLE_OK;
}
ParameterError checkpasswd(const char *kind, /* for what purpose */
char **userpwd) /* pointer to allocated string */
{
char *psep;
char *osep;
if(!*userpwd)
return PARAM_OK;
/* Attempt to find the password separator */
psep = strchr(*userpwd, ':');
/* Attempt to find the options separator */
osep = strchr(*userpwd, ';');
if(!psep && **userpwd != ';') {
/* no password present, prompt for one */
char passwd[256] = "";
char prompt[256];
size_t passwdlen;
size_t userlen = strlen(*userpwd);
char *passptr;
if(osep)
*osep = '\0';
/* build a nice-looking prompt */
curlx_msnprintf(prompt, sizeof(prompt),
"Enter %s password for user '%s':",
kind, *userpwd);
/* get password */
getpass_r(prompt, passwd, sizeof(passwd));
passwdlen = strlen(passwd);
if(osep)
*osep = ';';
/* extend the allocated memory area to fit the password too */
passptr = realloc(*userpwd,
passwdlen + 1 + /* an extra for the colon */
userlen + 1); /* an extra for the zero */
if(!passptr)
return PARAM_NO_MEM;
/* append the password separated with a colon */
passptr[userlen] = ':';
memcpy(&passptr[userlen+1], passwd, passwdlen+1);
*userpwd = passptr;
}
return PARAM_OK;
}
void
test(void)
{
char *password = getpass_r("Password: "******"Mew!")) /* FLAW */
{
my_memset_s(password, 0, strlen(password));
free(password);
printf("Incorrect Password!\n");
return;
}
my_memset_s(password, 0, strlen(password));
free(password);
}
printf("Entering Diagnostic Mode...\n");
}
int main(int argc, char *argv[])
{
unsigned int u;
char *password;
struct
{
char *name;
uid_t uid;
char *password;
} users[2];
users[0].name = "mark";
users[0].password = "******";
users[1].name = "mel";
users[1].password = "******";
for (u = 0; u < sizeof(users) / sizeof(*users); ++u)
{
fprintf(stderr, "Username: %s\n", users[u].name);
password = getpass_r("Password: "******"Logged in\nWelcome %s!\n", users[u].name);
free(password);
break;
}
free(password);
}
}
return 0;
}
