From 9b8bf7f46f3f537d0d09be0c51aaeb9ee088d370 Mon Sep 17 00:00:00 2001
From: sfja
Date: Sat, 22 Mar 2025 01:58:54 +0100
Subject: [PATCH] zero hash data
---
 backend/src/controllers/sessions.c | 4 ++--
 backend/src/utils/str.c | 2 +-
 backend/test/test.ts | 1 +
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/backend/src/controllers/sessions.c b/backend/src/controllers/sessions.c
index e52782e..91a1f6e 100644
--- a/backend/src/controllers/sessions.c
+++ b/backend/src/controllers/sessions.c
@@ -29,7 +29,7 @@ void route_post_sessions_login(HttpCtx* ctx)
 User user;
 DbRes db_res = db_user_with_email(cx->db, &user, req.email);
 if (db_res == DbRes_NotFound) {
- RESPOND_BAD_REQUEST(ctx, "user with email not found");
+ RESPOND_BAD_REQUEST(ctx, "incorrect email or password");
 goto l0_return;
 } else if (db_res == DbRes_Error) {
 RESPOND_SERVER_ERROR(ctx);
@@ -37,7 +37,7 @@ void route_post_sessions_login(HttpCtx* ctx)
 }
 if (!str_hash_equal(user.password_hash, req.password)) {
- RESPOND_BAD_REQUEST(ctx, "wrong password");
+ RESPOND_BAD_REQUEST(ctx, "incorrect email or password");
 goto l2_return;
 }
diff --git a/backend/src/utils/str.c b/backend/src/utils/str.c
index 4a54cee..4d9ebb8 100644
--- a/backend/src/utils/str.c
+++ b/backend/src/utils/str.c
@@ -149,7 +149,7 @@ static inline HashData hashdata_from_str_and_salt(
 memcpy(data.salt, salt, STR_HASH_SALT_SIZE);
 size_t input_size = MAX_HASH_INPUT_LEN + str_length;
- uint8_t* input_data = malloc(input_size);
+ uint8_t* input_data = calloc(input_size, 1);
 memcpy(input_data, data.salt, STR_HASH_SALT_SIZE);
 memcpy(&input_data[STR_HASH_SALT_SIZE], str, str_length);
diff --git a/backend/test/test.ts b/backend/test/test.ts
index d06d7bd..2479088 100644
--- a/backend/test/test.ts
+++ b/backend/test/test.ts
@@ -26,6 +26,7 @@ Deno.test("test backend", async (t) => {
 { email, password },
 );
+ //console.log(loginRes);
 assertEquals(loginRes.ok, true);
 assertMatch(loginRes.token, /^[0-9a-zA-Z]+$/);
 token = loginRes.token;
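Review bot: In sessions.c (hunk at -29), the `DbRes_NotFound` branch still responds before `str_hash_equal` is ever called, so the two failure cases now share a message but probably not a response time. If the password hash is deliberately expensive, a client can likely still tell unknown emails from wrong passwords by latency. Consider doing the same amount of work on both paths, for example `(void)str_hash_equal(<PLACEHOLDER_DUMMY_HASH>, req.password);` before `RESPOND_BAD_REQUEST` in the not-found branch, where the placeholder is a fixed, valid hash that matches no account. The function body starts and ends outside this hunk, so the cleanup behind `l0_return` is not visible here.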
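Review bot: In sessions.c (hunk at -37), the literal `"incorrect email or password"` is now written out twice, and the anti-enumeration property only holds while both responses stay byte-identical. Defining it once, e.g. `static const char* const login_failed_msg = "incorrect email or password";`, and passing that to both `RESPOND_BAD_REQUEST` calls keeps a later edit from reintroducing the difference. If the project has a server-side log, the specific reason (unknown email vs. wrong password) could go there so repeated failures remain visible to operators; no logging call is visible in this hunk.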
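Review bot: In str.c, the result of `calloc(input_size, 1)` is passed straight to `memcpy` on the next line without a NULL check, so an allocation failure becomes a NULL-pointer write during login; add `if (input_data == NULL)` with whatever failure signalling `HashData` supports (not visible here). `input_size = MAX_HASH_INPUT_LEN + str_length` can also wrap if `str_length` is not bounded by the caller, which would leave the buffer smaller than the two copies. Since the buffer holds the salt and the plaintext password, it should be cleared with `explicit_bzero` or an equivalent before it is freed; the free is outside this hunk, so that may already be the case. A one-line comment such as `// zero-filled so the unused tail of the hash input is deterministic` would record why `calloc` matters here.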
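Review bot: The only test change is a commented-out `//console.log(loginRes);`, so nothing covers the behaviour this commit actually changes. A negative-login step that asserts the same response for an unknown email and for a wrong password would pin the new message, and a second login with the same credentials would exercise the now-deterministic hash input. The commented-out debug line is better deleted than committed; if re-enabled it prints the session token to the test output.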