From 69e6e619c1c26f00cbab2b3efef53b9d6458680f Mon Sep 17 00:00:00 2001 From: Paul Querna Date: Tue, 19 Feb 2008 16:55:47 +0000 Subject: [PATCH] Improve salt string generation. PR: 31440 Submited by: Andreas Krennmair git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@629159 13f79535-47bb-0310-9956-ffa450edef68 --- support/htpasswd.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/support/htpasswd.c b/support/htpasswd.c index bd7e203f8e..ac259809c9 100644 --- a/support/htpasswd.c +++ b/support/htpasswd.c @@ -115,6 +115,18 @@ static void to64(char *s, unsigned long v, int n) } } +static void generate_salt(char *s, size_t size) +{ + static unsigned char tbl[] = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + size_t i; + for (i = 0; i < size; ++i) { + int idx = (int) (64.0 * rand() / (RAND_MAX + 1.0)); + s[i] = tbl[idx]; + } +} + + static void putline(apr_file_t *f, const char *l) { apr_file_puts(l, f); @@ -163,7 +175,7 @@ static int mkrecord(char *user, char *record, apr_size_t rlen, char *passwd, case ALG_APMD5: (void) srand((int) time((time_t *) NULL)); - to64(&salt[0], rand(), 8); + generate_salt(&salt[0], 8); salt[8] = '\0'; apr_md5_encode((const char *)pw, (const char *)salt, -- 2.50.1