fix(delagent): repair generation of hash for authentication

maxhbr · maxhbr · commit b4645c476238 · 2016-03-01T14:11:59.000+01:00
* The function `SHA1(...)` could generate strings containing `\000`
  which did not work with the following call of `strlen(...)`
* This is solved, since one knows that a SHA1 hash as hex is 40
  characters long (20 chars for the raw value)
* The old test, whether the creation of the sha1 failed, can not work
  since the first char could also be `\000` ==&gt; removed
diff --git a/src/delagent/agent/util.c b/src/delagent/agent/util.c
@@ -95,9 +95,9 @@ int authentication(char *user, char *password, int *user_id, int *user_perm)
   char SQL[MAXSQL] = {0};
   PGresult *result;
   char user_seed[myBUFSIZ] = {0};
-  char pass_hash_valid[myBUFSIZ] = {0};
-  unsigned char hash_value[myBUFSIZ] = {0};
-  char pass_hash_actual[myBUFSIZ] = {0};
+  char pass_hash_valid[41] = {0};
+  unsigned char pass_hash_actual_raw[21] = {0};
+  char pass_hash_actual[41] = {0};
 
   /** get user_seed, user_pass on one specified user */
   snprintf(SQL,MAXSQL,"SELECT user_seed, user_pass, user_perm, user_pk from users where user_name='%s';", user);
@@ -118,22 +118,17 @@ int authentication(char *user, char *password, int *user_id, int *user_perm)
   if (user_seed[0] && pass_hash_valid[0])
   {
     strcat(user_seed, password);  // get the hash code on seed+pass
-    SHA1((unsigned char *)user_seed, strlen(user_seed), hash_value);
-    if (!hash_value[0])
-    {
-      LOG_FATAL("ERROR, failed to get sha1 value\n");
-      return -1;
-    }
+    SHA1((unsigned char *)user_seed, strlen(user_seed), pass_hash_actual_raw);
   }
   else
   {
     return -1;
   }
   int i = 0;
   char temp[256] = {0};
-  for (i = 0; i < strlen((char *)hash_value); i++)
+  for (i = 0; i < 20; i++)
   {
-    snprintf(temp, 256, "%02x", hash_value[i]);
+    snprintf(temp, 256, "%02x", pass_hash_actual_raw[i]);
     strcat(pass_hash_actual, temp);
   }
   return strcmp(pass_hash_valid, pass_hash_actual) == 0;
