-
Notifications
You must be signed in to change notification settings - Fork 6
/
hardcoded_password.c
92 lines (72 loc) · 2.23 KB
/
hardcoded_password.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
/* This software was developed at the National Institute of Standards and
* Technology by employees of the Federal Government in the course of their
* official duties. Pursuant to title 17 Section 105 of the United States
* Code this software is not subject to copyright protection and is in the
* public domain. NIST assumes no responsibility whatsoever for its use by
* other parties, and makes no guarantees, expressed or implied, about its
* quality, reliability, or any other characteristic.
* We would appreciate acknowledgement if the software is used.
* The SAMATE project website is: http://samate.nist.gov
*/
#include <pwd.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <termios.h>
#include <unistd.h>
static bool loggedin = false;
/* Replacement to memset() that cannot be optimized out */
char *my_memset_s(void *s, int c, size_t n) {
volatile uint8_t *p = (uint8_t *)s;
while (n--)
*p++ = c;
return s;
}
/* Reads a password from a terminal - replaces obsolete getpass() function */
char *getpass_r(const char *prompt) {
struct termios oflags, nflags;
char password[64] = {'\0'};
char *ret = NULL;
/* Disabling echo */
if (tcgetattr(fileno(stdin), &oflags))
return NULL;
nflags = oflags;
nflags.c_lflag &= ~ECHO;
nflags.c_lflag |= ECHONL;
if (tcsetattr(fileno(stdin), TCSAFLUSH, &nflags))
return NULL;
/* Read the password */
fprintf(stderr, "%s", prompt);
ret = fgets(password, sizeof(password), stdin);
/* Restore echo */
if (tcsetattr(fileno(stdin), TCSAFLUSH, &oflags)) {
my_memset_s(password, 0, sizeof(password));
return NULL;
}
if (ret) {
strtok(password, "\n");
ret = strdup(password);
my_memset_s(password, 0, sizeof(password));
}
return ret;
}
int main(int argc, char *argv[]) {
int attempts = 0;
char *password;
while (attempts++ < 3 && !loggedin) {
password = getpass_r("Password: ");
if (password != NULL) {
if (strcmp(password, "0xDEADBEEF") == 0) {
loggedin = true;
printf("Logged in\n");
} else
printf("Wrong password\n");
my_memset_s(password, 0, strlen(password));
free(password);
}
}
return 0;
}