c++ - crypt in c++ returning different strings(or no string at all)
问题描述
I am trying to create a shadowfile-like txt file and I am using crypt to produce the hash. I ask for password via terminal and i produce a pseudo-random salt. I give these two values in crypt function but it creates a different hash everytime or nothing at all and I cannot get what's wrong with my code.
#include<stdio.h>
#include<cstdlib>
#include<iostream>
#include<fstream>
#include<ctime>
#include<crypt.h>
#include<unistd.h>
using namespace std;
/*====== READ STRING DYNAMICALLY ======*/
char* readFromTerminal() {
int length = 0; //counts number of characters
char c; //holds last read character
char *input;
input = (char *) malloc(sizeof (char)); //Allocate initial memory
if (input == NULL) //Fail if allocating of memory not possible
{
printf("Could not allocate memory!");
exit(1);
}
while ((c = getchar()) != '\n') //until end of line
{
realloc(input, (sizeof (char))); //allocate more memory
input[length++] = c; //save entered character
}
input[length] = '\0'; //add terminator
return input;
}
/*====== GENERATE PSEUDO RANDOM SALT VALUE ======*/
char* generateSalt() {
const char alphanum[] =
"0123456789"
"!@#$%^&*"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"; //salt alphanum
int alphanumLength = sizeof (alphanum) - 1; // alphanum lenght
char *salt; //salt string
salt = (char *) malloc(sizeof (char)); //Allocate initial memory
if (salt == NULL) //Fail if allocating of memory not possible
{
printf("Could not allocate memory!");
exit(1);
}
srand(time(NULL));
for (int i = 0; i < 21; i++) {
realloc(salt, (sizeof (char))); //allocate more memory
salt[i] = alphanum[rand() % alphanumLength]; //generate a random character from the alphanum
}
salt[21] = '\0'; //add terminator
return salt;
}
/*====== MAIN ======*/
int main(int argc, char** argv) {
char *username, *password, *salt, *hash;
ofstream myshadow("myshadow.txt", ios::out);
cout << "Enter your username: ";
username = readFromTerminal();
cout << "Enter your password: ";
password = readFromTerminal();
salt = generateSalt();
hash = (char *) malloc(30 * sizeof (char)); //Allocate memory for hash
hash = crypt(password, salt);
myshadow << username << ":" << hash;
return 0;
}
解决方案
这里有很多需要改进的地方!
char *
当 C++ 附带时,你使用 rawstd::string
- 您使用明确
malloc
的realloc
,仅此而已,让我们认为问题很快就会到来
手动内存管理需要非常谨慎的编程。这里的错误是由不正确的使用引起的realloc
: size 参数给出了新的总分配大小,而不是增量。因此,您应该跟踪分配的大小,增加它并使用该新值调用 realloc。并且realloc
可能会返回一个新的内存块,您应该始终使用:
input = (char *) realloc(input, new_size);
generateSalt
顺便说一句, ...中的等效问题
但是所有内容都已包含在 C++ 中,感谢std::getline
!此外,当 old遭受许多默认值时,该<random>
模块配备了出色的生成器(仅 google for rand vs. random)rand
所以代码可以被精简为:
include<iostream>
#include<fstream>
#include<unistd.h>
#include <random>
using namespace std;
std::string generateSalt() {
const char alphanum[] =
"0123456789"
"!@#$%^&*"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"; //salt alphanum
std::random_device rd; //Will be used to obtain a seed for the random number engine
std::mt19937 gen(rd()); //Standard mersenne_twister_engine seeded with rd()
std::uniform_int_distribution<> dis(0, sizeof(alphanum)-1); //Uniform distribution on an interval
char salt[22]; // 21 useful characters in salt (as in original code)
for(char& c: salt) {
c = alphanum[dis(gen)];
}
salt[21] = 0;
return std::string(salt);
}
/*====== MAIN ======*/
int main(int argc, char** argv) {
string username, password, salt, hash;
ofstream myshadow("myshadow.txt", ios::out);
cout << "Enter your username: ";
if (! getline(cin, username)) return 1;
cout << "Enter your password: ";
if (! getline(cin, password)) return 1;
salt = generateSalt();
hash = crypt(password.c_str(), salt.c_str());
myshadow << username << ":" << hash;
return 0;
}
使用 C++ 字符串的另一个好处是分配和释放是自动处理的,无需调用free
...
推荐阅读
- flutter - 如何在 Flutter 中显示对话框而不在 HookWidget 中使用 Buildcontext
- asp.net - 基于数据库字段 Asp.net 动态创建控件
- android - 为什么 FindViewById 不出来?如果我自己写它会变红
- java - 如何正确地将 EntityManager 注入 JAX-WS Web 服务?
- ios - 查找 MKMapView 的最大缩放级别,并知道何时达到
- amazon-web-services - 更新 AWS Elastic Beanstalk 部署的 Webapp 使用的数据
- django - Django Child模板未加载表单
- sql - 有没有办法找出 SQL Server 中两个时间范围的重叠?
- spring - Javax 验证不适用于引导休息控制器参数
- php - constraint() 和 reference() / Laravel 6 之间的区别