The crypt command used in tclhttpd requires a 2 characters salt but sometimes Passgen_Salt generates a shorter salt caused by a wrong random index calculation and crypt thows an error.
How to reproduce:
while {1} {
set salt [Passgen_Salt]
if {[string length $salt] < 2} {
puts "salt=$salt"
crypt "password" $salt
}
}
The problemi is caused by [expr round(rand()*$slen)] which sometimes calculates an index equal to the length of the salt string so that [string index $saltstr $index] = "".
To fix the problem we need to replace round() with int() in passgen.tcl:Passgen_Salt:
proc Passgen_Salt {} {
global passgen
set slen [string len $passgen(saltstr)]
return "[string index $passgen(saltstr) [expr {int(rand()*$slen)}]][string index $passgen(saltstr) [expr {int(rand()*$slen)}]]"
}
|