zero hash data

2025-05-07 12:04:07 +02:00 · 2025-03-22 01:58:54 +01:00 · 2025-03-22 01:58:54 +01:00 · 9b8bf7f46f
commit 9b8bf7f46f
parent 07667d0be4
3 changed files with 4 additions and 3 deletions
--- a/backend/src/controllers/sessions.c
+++ b/backend/src/controllers/sessions.c
@ -29,7 +29,7 @@ void route_post_sessions_login(HttpCtx* ctx)
    User user;
    DbRes db_res = db_user_with_email(cx->db, &user, req.email);
    if (db_res == DbRes_NotFound) {
-        RESPOND_BAD_REQUEST(ctx, "user with email not found");
+        RESPOND_BAD_REQUEST(ctx, "incorrect email or password");
        goto l0_return;
    } else if (db_res == DbRes_Error) {
        RESPOND_SERVER_ERROR(ctx);
@ -37,7 +37,7 @@ void route_post_sessions_login(HttpCtx* ctx)
    }

    if (!str_hash_equal(user.password_hash, req.password)) {
-        RESPOND_BAD_REQUEST(ctx, "wrong password");
+        RESPOND_BAD_REQUEST(ctx, "incorrect email or password");
        goto l2_return;
    }

--- a/backend/src/utils/str.c
+++ b/backend/src/utils/str.c
@ -149,7 +149,7 @@ static inline HashData hashdata_from_str_and_salt(
    memcpy(data.salt, salt, STR_HASH_SALT_SIZE);

    size_t input_size = MAX_HASH_INPUT_LEN + str_length;
-    uint8_t* input_data = malloc(input_size);
+    uint8_t* input_data = calloc(input_size, 1);
    memcpy(input_data, data.salt, STR_HASH_SALT_SIZE);
    memcpy(&input_data[STR_HASH_SALT_SIZE], str, str_length);

--- a/backend/test/test.ts
+++ b/backend/test/test.ts
@ -26,6 +26,7 @@ Deno.test("test backend", async (t) => {
            { email, password },
        );

+        //console.log(loginRes);
        assertEquals(loginRes.ok, true);
        assertMatch(loginRes.token, /^[0-9a-zA-Z]+$/);
        token = loginRes.token;