=== modified file 'helpers/basic_auth/NCSA/basic_ncsa_auth.cc'
--- helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2012-11-15 22:26:23 +0000
+++ helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2013-04-16 00:26:10 +0000
@@ -144,19 +144,20 @@
rfc1738_unescape(user);
rfc1738_unescape(passwd);
u = (user_data *) hash_lookup(hash, user);
+ char *crypted = NULL;
if (u == NULL) {
SEND_ERR("No such user");
#if HAVE_CRYPT
- } else if (strlen(passwd) <= 8 && strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
+ } else if (strlen(passwd) <= 8 && (crypted = crypt(passwd, u->passwd)) && (strcmp(u->passwd, crypted) == 0)) {
// Bug 3107: crypt() DES functionality silently truncates long passwords.
SEND_OK("");
- } else if (strlen(passwd) > 8 && strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
+ } else if (strlen(passwd) > 8 && (crypted = crypt(passwd, u->passwd)) && (strcmp(u->passwd, crypted) == 0)) {
// Bug 3107: crypt() DES functionality silently truncates long passwords.
SEND_ERR("Password too long. Only 8 characters accepted.");
#endif
- } else if (strcmp(u->passwd, (char *) crypt_md5(passwd, u->passwd)) == 0) {
+ } else if ( (crypted = crypt_md5(passwd, u->passwd)) && strcmp(u->passwd, crypted) == 0) {
SEND_OK("");
- } else if (strcmp(u->passwd, (char *) md5sum(passwd)) == 0) {
+ } else if ( (crypted = md5sum(passwd)) && strcmp(u->passwd, crypted) == 0) {
SEND_OK("");
} else {
SEND_ERR("Wrong password");
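Review bot: The NULL guard on the hashing results is written out four times as `(crypted = f(...)) && strcmp(u->passwd, crypted) == 0`, with nothing saying why a NULL can occur, so a later branch could easily be added without it. A small static helper whose body is `return computed != NULL && strcmp(stored, computed) == 0;` would keep the check in one place and make the shared `crypted` temporary unnecessary. It should carry a comment such as `// crypt() may return NULL on failure; treat that as no match, never pass it to strcmp()`. A NULL from crypt() now falls through to the MD5 branches and ends in "Wrong password" with no diagnostic, which looks intended but is worth stating in that comment. The if/else chain and its enclosing function continue outside the hunk.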