From e3cc4d877d657eba0dbd3229b82432973b174f0f Mon Sep 17 00:00:00 2001 From: Art Cancro Date: Mon, 28 Aug 2023 16:26:35 -0900 Subject: [PATCH] Generate listsub token with a hash instead of crypt --- citadel/server/modules/listsub/serv_listsub.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/citadel/server/modules/listsub/serv_listsub.c b/citadel/server/modules/listsub/serv_listsub.c index 72d407fef..9eec96463 100644 --- a/citadel/server/modules/listsub/serv_listsub.c +++ b/citadel/server/modules/listsub/serv_listsub.c @@ -27,7 +27,6 @@ #include #include #include -#include #include #include "../../citadel_defs.h" #include "../../server.h" @@ -49,21 +48,12 @@ enum { // one of these gets passed to do_subscribe_or_unsubscribe() so it kno // The confirmation token will be generated by combining the room name and email address with the host key, -// and then generating an encrypted hash of that string. The encrypted hash is included as part of the -// confirmation link. +// and then generating a one-way hash of that string. The hash is included as part of the confirmation link. void generate_confirmation_token(char *token_buf, size_t token_buf_len, char *roomname, char *emailaddr) { char string_to_hash[1024]; - struct crypt_data cd; - char *ptr; snprintf(string_to_hash, sizeof string_to_hash, "%s|%s|%s", roomname, emailaddr, CtdlGetConfigStr("host_key")); - memset(&cd, 0, sizeof cd); - - strncpy(token_buf, crypt_r(string_to_hash, "$1$ctdl", &cd), token_buf_len); - - for (ptr=token_buf; *ptr; ++ptr) { - if (!isalnum((char)*ptr)) *ptr='X'; - } + snprintf(token_buf, token_buf_len, "%lx", FourHash(string_to_hash, strlen(string_to_hash))); } -- 2.39.2