From bea618a3e2513ddfd332d0f307b08166002c9d74 Mon Sep 17 00:00:00 2001
From: dim <dim@FreeBSD.org>
Date: Sat, 17 Dec 2011 13:14:44 +0000
Subject: In usr.bin/csup/auth.c, use the correct number of bytes for zeroing
 the shared secret, and use long long format to snprintf a time_t.

MFC after:	1 week
---
 usr.bin/csup/auth.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'usr.bin')

diff --git a/usr.bin/csup/auth.c b/usr.bin/csup/auth.c
index f24cd00..516be70 100644
--- a/usr.bin/csup/auth.c
+++ b/usr.bin/csup/auth.c
@@ -254,7 +254,7 @@ auth_makesecret(struct srvrecord *auth, char *secret)
 	MD5_Update(&md5, ":", 1);
 	MD5_Update(&md5, auth->password, strlen(auth->password));
 	MD5_Final(md5sum, &md5);
-	memset(secret, 0, sizeof(secret));
+	memset(secret, 0, MD5_CHARS_MAX);
 	strcpy(secret, md5salt);
 	auth_readablesum(md5sum, secret + strlen(md5salt));
 }
@@ -302,8 +302,9 @@ auth_makechallenge(struct config *config, char *challenge)
 	}
 	gettimeofday(&tv, NULL);
 	MD5_Init(&md5);
-	snprintf(buf, sizeof(buf), "%s:%ld:%ld:%ld:%d:%d",
-	    inet_ntoa(laddr.sin_addr), tv.tv_sec, tv.tv_usec, random(), pid, ppid);
+	snprintf(buf, sizeof(buf), "%s:%lld:%ld:%ld:%d:%d",
+	    inet_ntoa(laddr.sin_addr), (long long)tv.tv_sec, tv.tv_usec,
+	    random(), pid, ppid);
 	MD5_Update(&md5, buf, strlen(buf));
 	MD5_Final(md5sum, &md5);
 	auth_readablesum(md5sum, challenge);
-- 
cgit v1.1