« previous next »
Pages: [1]

Author Topic: fnCheckPass problem  (Read 6329 times)

Offline Chris87

  • Newbie
  • *
  • Posts: 1
    • View Profile
fnCheckPass problem
« on: September 20, 2010, 03:58:40 PM »
Hi all

I was testing the function fnCheckPass in webutils.c when I found a problem with the lines:

Code: [Select]
   if ((ucCnt < 8 ) && (*ucNewInput != '&')) {     // if we quit because the end of the reference has been found, we check that also the new input has exactly the same length
        return 1;                                              // bad password!!
    }
    return 0;  
because if the new password (ucNewInput) matches only the first character and has added the '&' character as part of the word typed by the user, the algorithm returns 0, ignoring the length of the reference password (cReference).

The solution to the problem would be:

Code: [Select]
    if ((ucCnt < 8) && (*cReference != '&'))                   // if we quit because the end of the reference has been found,
    {                                                                    // we check that also the new input has exactly the same length
        return 1;                                                        // bad password!!
    }
    return 0;
Regards

Cristian
« Last Edit: September 20, 2010, 05:54:08 PM by Chris87 »
Logged

Offline mark

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3236
    • View Profile
    • uTasker
Re: fnCheckPass problem
« Reply #1 on: September 20, 2010, 07:54:16 PM »
Hi Cristian

Yes, this is a weakness in the release from the beginning of this year.

See this also: http://www.utasker.com/forum/index.php?topic=719.msg3820#msg3820
The solution there is integrated in the development version and also removes the restriction concerning the length of the string.

Regards

Mark
Logged
Pages: [1]
« previous next »