annotate pw.c @ 33:fa93d2ff9c62

Prevent potential division by zero Add safeguard ensuring that there is at least one possible character to generate passwords from in order to exclude the possibility of a division by zero error in rand_uniform.
author Guido Berhoerster <guido+pwm@berhoerster.name>
date Tue, 30 Jul 2019 20:38:08 +0200
parents 8768fbd09bc5
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
12
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
1 /*
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
2 * Copyright (C) 2017 Guido Berhoerster <guido+pwm@berhoerster.name>
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
3 *
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
4 * Permission is hereby granted, free of charge, to any person obtaining
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
5 * a copy of this software and associated documentation files (the
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
6 * "Software"), to deal in the Software without restriction, including
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
7 * without limitation the rights to use, copy, modify, merge, publish,
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
8 * distribute, sublicense, and/or sell copies of the Software, and to
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
9 * permit persons to whom the Software is furnished to do so, subject to
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
10 * the following conditions:
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
11 *
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
12 * The above copyright notice and this permission notice shall be included
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
13 * in all copies or substantial portions of the Software.
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
14 *
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
18 * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
19 * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
20 * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
21 * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
22 */
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
23
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
24 #include "compat.h"
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
25
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
26 #ifdef HAVE_ERR_H
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
27 #include <err.h>
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
28 #endif /* HAVE_ERR_H */
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
29 #include <pws.h>
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
30 #include <stdint.h>
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
31 #include <string.h>
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
32
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
33 #include "pw.h"
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
34 #include "rand.h"
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
35 #include "util.h"
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
36
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
37 int
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
38 pw_genrandom(struct pw_char_group groups[], size_t groups_len, char *password,
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
39 size_t password_len)
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
40 {
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
41 int retval = -1;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
42 char *password_buf = NULL;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
43 size_t *group_matches = NULL;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
44 size_t i;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
45 size_t chars_len = 0;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
46 char *chars;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
47 size_t j;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
48 uint32_t r;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
49 size_t k;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
50
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
51 password_buf = xmalloc(password_len + 1);
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
52 password_buf[password_len] = '\0';
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
53
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
54 group_matches = xmalloc(groups_len * sizeof (size_t));
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
55
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
56 for (i = 0; i < groups_len; i++) {
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
57 chars_len += strlen(groups[i].chars);
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
58 }
33
fa93d2ff9c62 Prevent potential division by zero
Guido Berhoerster <guido+pwm@berhoerster.name>
parents: 12
diff changeset
59 if (chars_len == 0) {
fa93d2ff9c62 Prevent potential division by zero
Guido Berhoerster <guido+pwm@berhoerster.name>
parents: 12
diff changeset
60 /* there must be at least one character to choose from */
fa93d2ff9c62 Prevent potential division by zero
Guido Berhoerster <guido+pwm@berhoerster.name>
parents: 12
diff changeset
61 return (-1);
fa93d2ff9c62 Prevent potential division by zero
Guido Berhoerster <guido+pwm@berhoerster.name>
parents: 12
diff changeset
62 }
12
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
63
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
64 chars = xmalloc(chars_len + 1);
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
65 chars[0] = '\0';
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
66 for (i = 0; i < groups_len; i++) {
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
67 strcat(chars, groups[i].chars);
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
68 }
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
69
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
70 for (k = 0; k < 100000; k++) {
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
71 memset(group_matches, 0, groups_len * sizeof (size_t));
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
72
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
73 for (j = 0; j < password_len; j++) {
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
74 r = rand_uniform(chars_len);
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
75 password_buf[j] = chars[r];
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
76
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
77 for (i = 0; i < groups_len; i++) {
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
78 if (strchr(groups[i].chars, chars[r]) != NULL) {
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
79 group_matches[i]++;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
80 break;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
81 }
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
82 }
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
83 }
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
84
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
85 for (i = 0; i < groups_len; i++) {
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
86 if (group_matches[i] < groups[i].chars_min) {
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
87 /* try again */
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
88 break;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
89 }
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
90 }
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
91 if (i == groups_len) {
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
92 /* password meets all constraints */
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
93 strcpy(password, password_buf);
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
94 retval = 0;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
95 break;
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
96 }
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
97 }
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
98
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
99 free(chars);
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
100 free(group_matches);
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
101 free(password_buf);
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
102
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
103 return (retval);
8768fbd09bc5 Add generatepassword command to generate random passwords
Guido Berhoerster <guido+pwm@berhoerster.name>
parents:
diff changeset
104 }