resolved the wrong base64 length problem, long password buffer overflow

.gitignore

@@ -51,5 +51,5 @@ gtest/lib/
 install-sh
 libtool
 
-#just for me
-config/config_cemetery/*
+#config file
+banjax.conf

config-aux/banjax.conf.sample

@@ -0,0 +1,27 @@
+priority:
+  white_lister: 1
+  auth: 2
+  challenger: 3
+  regex_banner: 4
+
+white_lister:
+    white_listed_ips:   
+      - 127.0.0.1
+
+challenger:
+    key: "allwearesayingisgivewarachance" 
+    difficulty: 8
+
+include:
+  - banjax.d/equalit.ie.conf
+  - banjax.d/deflect.ca.conf
+
+regex_banner:
+    - rule: deflectsecret
+      regex: '[\s\S]*secretpage[\s\S]*'
+      interval: 60
+      hits_per_interval: 0
+
+bot_sniffer :
+  botbanger_port: 22621
+  key: "72fromMemphistoChattanooga"

include/cookiehash.h

@@ -5,6 +5,7 @@
 #define SECRET_LENGTH SHA256_DIGEST_LENGTH //the secret is a SHA256 of user password so it has 256/8 = 32 bytes
 #define HASH_LENGTH 20
 #define COOKIE_LENGTH (HASH_LENGTH+sizeof(time_t))
+#define COOKIE_B64_LENGTH ((COOKIE_LENGTH+2)/3)*4
 
 int GenerateCookie(uchar *captcha,uchar *secret,time_t valid_till_timestamp,uchar *remoteaddress,uchar *cookiestring_out);
 int ValidateCookie(uchar *captcha,uchar *secret,time_t current_timestamp,uchar *remoteaddress,uchar *cookiestring);

src/challenge_manager.cpp

@@ -218,8 +218,8 @@ bool ChallengeManager::check_sha(const char* cookiestr){
  */
 bool ChallengeManager::check_auth_validity(const char* cookiestr, const std::string password_hash)
 {
-  static const unsigned int b64token_length = (int)((COOKIE_LENGTH*4+3)/3);
-  static const unsigned int b64_sha256_length = (int)((SHA256_DIGEST_LENGTH*4+3)/3)+1;
+  static const unsigned int b64token_length = COOKIE_B64_LENGTH;
+  static const unsigned int b64_sha256_length = (int)(((SHA256_DIGEST_LENGTH + 2)/3)*4);
   static const unsigned int to_be_hashed_length = b64token_length+b64_sha256_length;
 
   unsigned long cookie_len = strlen((char*)cookiestr);
@@ -232,7 +232,7 @@ bool ChallengeManager::check_auth_validity(const char* cookiestr, const std::str
   SHA256_Init(&sha256);
   char to_be_hashed[to_be_hashed_length];
   memcpy(to_be_hashed, cookiestr, b64token_length);
-  memcpy(to_be_hashed+b64token_length, password_hash.c_str(), password_hash.size());
+  memcpy(to_be_hashed+b64token_length, password_hash.c_str(), b64_sha256_length);
 
   SHA256_Update(&sha256, to_be_hashed, to_be_hashed_length);
   SHA256_Final(hash, &sha256);
@@ -242,7 +242,7 @@ bool ChallengeManager::check_auth_validity(const char* cookiestr, const std::str
   std::string cookiedata=Base64::Decode((const char *)cookiestr+b64token_length, (const char *)(cookiestr+cookie_len));
 
   memcpy(hashed_solution,cookiedata.c_str(),SHA256_DIGEST_LENGTH);
-
+  
   //now compare
   if (memcmp(hashed_solution, hash, SHA256_DIGEST_LENGTH))
     return false;
@@ -279,7 +279,7 @@ bool ChallengeManager::check_cookie(string answer, string cookie_jar, string ip,
       //here we check the general validity of the cookie
       int result = 100 /*something not equal to 1, which means OK*/;
       // see GenerateCookie for the length calculation
-      int expected_length = (int)(COOKIE_LENGTH*4+3)/3;
+      int expected_length = COOKIE_B64_LENGTH;
       if (captcha_cookie.size() > (size_t)expected_length) {
         captcha_cookie = captcha_cookie.substr(0, expected_length);
       }

src/cookiehash.cpp

@@ -74,7 +74,7 @@ int ValidateCookie(uchar *captcha,uchar *secret,time_t current_timestamp,uchar *
 {
   char cookie[COOKIE_LENGTH];
   char hash[HASH_LENGTH];
-  if (strlen((char*)cookiestring)!=(int)((COOKIE_LENGTH*4+3)/3))
+  if (strlen((char*)cookiestring)!=COOKIE_B64_LENGTH)
     return -3;
   std::string cookiedata=Base64::Decode((const char *)cookiestring,(const char *)(cookiestring+strlen((char *) cookiestring)));
   memcpy(cookie,cookiedata.c_str(),COOKIE_LENGTH);