Cut characters for a string in C

Question

Here's some code.

#include <stdio.h>

int main()
{
    char npass[] = "$1$bUZXMjKz$08Ps4NPTfj6ZNkoqrsP/D.";
    char salt [12];
    int i;
    for (i = 0; i < 12; i++)
    {
            npass[i+3] = salt[i];
            i++;
    }
    salt[12] = '\0';
    puts(salt);
    return 0;
}

Basically, npass is an md5crypt result(password is admin). In order to verify this, I need to separate the salt from the result.

My understanding is that a string in C is really a char array containing all the letters alone(with '\0' at the end). I use a for loop to cut the first three characters but I guess because of ASLR, the results that I get are always random ones. Actually, without ASLR, I get the same random result always.

`salt[12] = '\0';` is UB, since `salt` is only 12 bytes long. — , Feb 07 '13 at 08:34
You're incrementing `i` both inside the for loop and as a `for` statement parameter. You want one or the other. — acraig5075, Feb 07 '13 at 08:41

Some programmer dude · Accepted Answer · 2013-02-07T08:43:43.673

4

Of course you get "random" data, you assign to the hash and not the salt. You want the other way around:

salt[i] = npass[i+3];

Or you could skip the loop and do:

memcpy(salt, npass + 3, sizeof(salt) - 1);
salt[sizeof(salt) - 1] = '\0';

edited Feb 07 '13 at 08:43

answered Feb 07 '13 at 08:34

Some programmer dude

400,186
35
402
621

It would be better and safer to use memcpy. strncpy is an old, dangerous, mainly obsolete function intended for ancient unix code. [See this](http://stackoverflow.com/questions/2114896/why-is-strlcpy-and-strlcat-considered-to-be-insecure). – Lundin Feb 07 '13 at 08:40
Your code produced 1 character less than I wanted so I removed the `- 1` in both lines. Worked beautifully after that. Thank you. – Mangix Feb 07 '13 at 10:47
@Mangix No, don't remove the `-1` or you will overwrite beyond the end of the `salt` array. Instead increase the size of the `salt` array by one. – Some programmer dude Feb 07 '13 at 10:59

score 0 · Answer 2 · answered Feb 07 '13 at 08:47

With all bugs already pointed out, and some aesthetic fixes, you should end up with something like this:

#include <stdio.h>
#include <string.h>

#define SALT_N 12

int main()
{
    const char npass[] = "$1$bUZXMjKz$08Ps4NPTfj6ZNkoqrsP/D.";
    char salt [SALT_N+1];

    memcpy(salt, npass, SALT_N);
    salt[SALT_N] = '\0';
    puts(salt);
    return 0;
}

Cut characters for a string in C

2 Answers2