Still haven't tested, but I also saw: > + password_pwd = malloc(password_pwd_len + 1); /* +1 for \0 */ > + > + /* extract the password */ > + for ( cnt = 0 ; cnt < password_pwd_len ; cnt++ ) > + password_pwd[cnt] = password[cnt]; > + password_pwd[password_pwd_len] = '\0';
Use strlcpy, don't roll your own. > + /* copy last 44 bytes (yubikey one-time password) */ > + for ( cnt = 0 ; cnt + password_pwd_len < strlen(password) ; cnt++ ) > + password_yubikey[cnt] = password[cnt+password_pwd_len]; If you made password_yubikey char[45] instead of char[44] then you could do: char *temp = password + password_pwd_len; strlcpy(password_yubikey, temp, 45);
