Page MenuHomeDevCentral
Create Task
Maniphest T1145

Don't truncate passwords
Open, NormalPublic
Actions

Description

Long passwords are truncated to 25 characters:

02:02:12 <Dereckson> pass […] lxmXPppJXYNGggEx0JervJ6QqKmAum0TB22
02:02:12 -Odderon- Password for dereckson@wikimedia/dereckson has been updated.

But that gives:

userlist.db
#* *@wikimedia/dereckson 3 2 lxmXPppJXYNGggEx0JervJ6Qq I haven't used ^B!SETINFO^B yet!

Event Timeline

dereckson created this task.Jan 31 2017, 01:54
dereckson moved this task from Backlog to Darkbot bugs on the Odderon board.Aug 29 2021, 00:37
dereckson added a comment.May 15 2023, 17:08

Password truncation
Passwords are explicitly truncated to 25 characters in load_helpers functions:

helpers.c
if (strlen (pass) > 25)
    pass[25] = '\0';

When a password is set through a command:

chansrv.c
if (strlen(args[1]) > 25)
        args[1][25] = '\0';

Usual length

Most fields use STRING_SHORT as char* length, currently set at 255.

For userlist.db entries (HELPER_LIST), I've the feeling 255 characters is for everything, including setinfo part: extern char HELPER_LIST[STRING_SHORT];

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator