Skip to content

Commit

Permalink
fix some weakness in code in aut_object.go
Browse files Browse the repository at this point in the history
  • Loading branch information
@sijms
sijms committed Nov 20, 2020
1 parent 896c4bb commit d765b92
Showing 1 changed file with 16 additions and 4 deletions.
20 changes: 16 additions & 4 deletions auth_object.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,10 @@ func NewAuthObject(username string, password string, tcpNego *TCPNego, session *
}
result = append([]byte(password), result...)
hash := sha1.New()
hash.Write(result)
_, err = hash.Write(result)
if err != nil {
return nil, err
}
key = hash.Sum(nil) // 20 byte key
key = append(key, 0, 0, 0, 0) // 24 byte key

Expand Down Expand Up @@ -368,17 +371,26 @@ func CalculateKeysHash(verifierType int, key1 []byte, key2 []byte) ([]byte, erro
buffer[x] = key1[x] ^ key2[x]
}

hash.Write(buffer)
_, err := hash.Write(buffer)
if err != nil {
return nil, err
}
return hash.Sum(nil), nil
case 6949:
buffer := make([]byte, 24)
for x := 0; x < 24; x++ {
buffer[x] = key1[x] ^ key2[x]
}
hash.Write(buffer[:16])
_, err := hash.Write(buffer[:16])
if err != nil {
return nil, err
}
ret := hash.Sum(nil)
hash.Reset()
hash.Write(buffer[16:])
_, err = hash.Write(buffer[16:])
if err != nil {
return nil, err
}
ret = append(ret, hash.Sum(nil)...)
return ret[:24], nil
}
Expand Down

0 comments on commit d765b92

Please sign in to comment.