diff --git a/Ghidra/Features/GhidraServer/src/main/java/ghidra/server/RepositoryManager.java b/Ghidra/Features/GhidraServer/src/main/java/ghidra/server/RepositoryManager.java
index 6d42577928..ca9adf4cf0 100644
--- a/Ghidra/Features/GhidraServer/src/main/java/ghidra/server/RepositoryManager.java
+++ b/Ghidra/Features/GhidraServer/src/main/java/ghidra/server/RepositoryManager.java
@@ -277,10 +277,10 @@ public class RepositoryManager {
 if (names.length == 0) {
 log.info(" ");
 }
- for (String name2 : names) {
- File f = new File(rootDirFile, NamingUtilities.mangle(name2));
+ for (String name : names) {
+ File f = new File(rootDirFile, NamingUtilities.mangle(name));
 if (!f.isDirectory()) {
- log.error("Error while processing repository " + name2 +
+ log.error("Error while processing repository " + name +
 ", directory not found: " + f);
 continue;
 }
@@ -288,15 +288,14 @@ public class RepositoryManager {
 throw new IOException(f.getAbsolutePath() + " can not be written to");
 }
 try {
- Repository rep = new Repository(this, null, f, name2);
- String name = rep.getName();
+ Repository rep = new Repository(this, null, f, name);
 repositoryMap.put(name, rep);
 }
 catch (UserAccessException e) {
 // ignore
 }
 catch (Exception e) {
- log.error("Error while processing repository " + name2 + ", " + e.getMessage());
+ log.error("Error while processing repository " + name + ", " + e.getMessage());
 continue;
 }
 }
diff --git a/Ghidra/Features/GhidraServer/src/main/java/ghidra/server/ServerAdmin.java b/Ghidra/Features/GhidraServer/src/main/java/ghidra/server/ServerAdmin.java
index af8fadbec9..e52711ee7d 100644
--- a/Ghidra/Features/GhidraServer/src/main/java/ghidra/server/ServerAdmin.java
+++ b/Ghidra/Features/GhidraServer/src/main/java/ghidra/server/ServerAdmin.java
@@ -130,13 +130,13 @@ public class ServerAdmin implements GhidraLaunchable {
 int cmdLen = 1;
 for (; ix < args.length; ix += cmdLen) {
 boolean queueCmd = true;
- char[] pwdHash = null;
+ String pwdHash = null;
 if (UserAdmin.ADD_USER_COMMAND.equals(args[ix])) { // add user
 cmdLen = 2;
 validateSID(args, ix + 1);
 if (hasOptionalArg(args, ix + 2, UserAdmin.PASSWORD_OPTION)) {
 ++cmdLen;
- pwdHash = promptForPassword(args[ix + 1]);
+ pwdHash = promptForPasswordAndGetSaltedHash(args[ix + 1]);
 }
 }
 else if (UserAdmin.REMOVE_USER_COMMAND.equals(args[ix])) { // remove user
@@ -148,7 +148,7 @@ public class ServerAdmin implements GhidraLaunchable {
 validateSID(args, ix + 1);
 if (hasOptionalArg(args, ix + 2, UserAdmin.PASSWORD_OPTION)) {
 ++cmdLen;
- pwdHash = promptForPassword(args[ix + 1]);
+ pwdHash = promptForPasswordAndGetSaltedHash(args[ix + 1]);
 }
 }
 else if (UserAdmin.SET_USER_DN_COMMAND.equals(args[ix])) { // set/add user with DN for PKI
@@ -227,7 +227,7 @@ public class ServerAdmin implements GhidraLaunchable {
 System.out.println();
 }
- private char[] promptForPassword(String userSID) {
+ private String promptForPasswordAndGetSaltedHash(String userSID) {
 char[] pwd1 = null;
 char[] pwd2 = null;
 try {
@@ -242,7 +242,8 @@ public class ServerAdmin implements GhidraLaunchable {
 Arrays.fill(pwd1, (char) 0);
 Arrays.fill(pwd2, (char) 0);
 }
- return HashUtilities.getSaltedHash(HashUtilities.SHA256_ALGORITHM, pwd1);
+ char[] saltedHash = HashUtilities.getSaltedHash(HashUtilities.SHA256_ALGORITHM, pwd1);
+ return new String(saltedHash);
 }
 catch (IOException e) {
 System.err.println("Password entry error: " + e.getMessage());
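Review bot: In the `@@ -242` hunk the `char[] saltedHash` is copied into an immutable `String` and the array itself is never cleared, so the hash now sits in two heap copies that cannot be wiped, while the surrounding code takes care to zero `pwd1` and `pwd2`. If the `String` type is needed downstream (the `@@ -130`, `@@ -148` and `@@ -326` hunks change the type to match), clear the intermediate array before returning: `String hash = new String(saltedHash);` `Arrays.fill(saltedHash, (char) 0);` `return hash;`. A one-line comment stating that the returned value is the salted hash and not the password would also record why holding it in a `String` is considered acceptable. The method body starts and ends outside this hunk, so any cleanup in a `finally` block cannot be seen from here.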
@@ -278,14 +279,18 @@ public class ServerAdmin implements GhidraLaunchable {
 while (true) {
 c = System.in.read();
- if (c <= 0 || (Character.isWhitespace((char) c) && c != ' ')) {
+ if (c <= 0 || c == '\n') {
 break;
 }
+ if (c == '\r') {
+ continue;
+ }
 if (password == null) {
 password = new char[1];
 }
 else {
 char[] newPass = new char[password.length + 1];
+ // copy prior entry into expanded array and clear old array
 for (int i = 0; i < password.length; i++) {
 newPass[i] = password[i];
 password[i] = 0;
@@ -326,8 +331,8 @@ public class ServerAdmin implements GhidraLaunchable {
 * @param pwdHash optional password has to append to end of command
 */
 private static void addCommand(ArrayList cmdList, String[] args, int argOffset,
- int argCnt, char[] pwdHash) {
- StringBuffer buf = new StringBuffer();
+ int argCnt, String pwdHash) {
+ StringBuilder buf = new StringBuilder();
 for (int i = 0; i < argCnt; i++) {
 if (i > 0) {
 buf.append(' ');
diff --git a/Ghidra/Framework/FileSystem/src/main/java/ghidra/util/HashUtilities.java b/Ghidra/Framework/FileSystem/src/main/java/ghidra/util/HashUtilities.java
index 7beff0ee80..ba24057897 100644
--- a/Ghidra/Framework/FileSystem/src/main/java/ghidra/util/HashUtilities.java
+++ b/Ghidra/Framework/FileSystem/src/main/java/ghidra/util/HashUtilities.java
@@ -18,7 +18,10 @@ package ghidra.util;
 import java.io.*;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.*;
+import java.util.Arrays;
+import java.util.List;
+
+import generic.random.SecureRandomFactory;
 public class HashUtilities {
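Review bot: The new terminator test `c <= 0 || c == '\n'` in the `@@ -278` hunk folds end-of-stream (`read()` returning -1) and a NUL byte into the same `break` as a newline, and it no longer stops on tabs or other control characters, so those now become part of the password; none of this is documented. I would add a comment above the test such as `// newline ends entry; EOF (-1) or NUL also ends it; CR is skipped so CRLF and LF input yield the same password`, and consider rejecting other control characters rather than hashing them silently. The loop and the enclosing method continue outside the hunk, so whether a partial entry cut off by EOF is rejected later cannot be confirmed from here.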
@@ -33,10 +36,8 @@ public class HashUtilities {
 public static final int SHA256_UNSALTED_HASH_LENGTH = 64;
 public static final int SHA256_SALTED_HASH_LENGTH = SHA256_UNSALTED_HASH_LENGTH + SALT_LENGTH;
- private static Random random = new Random(System.nanoTime());
-
 static char getRandomLetterOrDigit() {
- int val = (random.nextInt() % 62); // 0-9,A-Z,a-z (10+26+26=62)
+ int val = (SecureRandomFactory.getSecureRandom().nextInt() % 62); // 0-9,A-Z,a-z (10+26+26=62)
 if (val < 0) {
 val = -val;
 }
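Review bot: `nextInt() % 62` followed by the sign flip is a hand-rolled range reduction that is very slightly non-uniform (2^32 is not a multiple of 62) and harder to read than the bounded call. Assuming `SecureRandomFactory.getSecureRandom()` returns a `java.util.Random` subclass, `int val = SecureRandomFactory.getSecureRandom().nextInt(62); // 0-9,A-Z,a-z (10+26+26=62)` yields a uniform value in 0..61 and makes the `if (val < 0)` branch unnecessary. The rest of `getRandomLetterOrDigit` lies outside the hunk, so the mapping from `val` to a character is assumed to stay as it is.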