aboutsummaryrefslogtreecommitdiff
path: root/appl/otp/otp.c
diff options
context:
space:
mode:
Diffstat (limited to 'appl/otp/otp.c')
-rw-r--r--appl/otp/otp.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/appl/otp/otp.c b/appl/otp/otp.c
index 516669f1d4b4..a34fe814eed9 100644
--- a/appl/otp/otp.c
+++ b/appl/otp/otp.c
@@ -118,16 +118,22 @@ verify_user_otp(char *username)
{
OtpContext ctx;
char passwd[OTP_MAX_PASSPHRASE + 1];
- char prompt[128], ss[256];
+ char ss[256];
+ char *prompt = NULL;
if (otp_challenge (&ctx, username, ss, sizeof(ss)) != 0) {
warnx("no otp challenge found for %s", username);
return 1;
}
- snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss);
- if(UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0))
+ if (asprintf(&prompt, "%s's %s Password: ", username, ss) == -1 ||
+ prompt == NULL)
+ return 1;
+ if(UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)) {
+ free(prompt);
return 1;
+ }
+ free(prompt);
return otp_verify_user (&ctx, passwd);
}
@@ -153,7 +159,8 @@ set (int argc, char **argv, OtpAlgorithm *alg, char *inuser)
strlcpy (ctx.seed, argv[1], sizeof(ctx.seed));
strlwr(ctx.seed);
do {
- if (UI_UTIL_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1))
+ if (UI_UTIL_read_pw_string (pw, sizeof(pw), "Pass-phrase: ",
+ UI_UTIL_FLAG_VERIFY))
return 1;
if (strlen (pw) < OTP_MIN_PASSPHRASE)
printf ("Too short pass-phrase. Use at least %d characters\n",
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-23 07:38:51 +0000