=== modified file 'helpers/basic_auth/NCSA/basic_ncsa_auth.cc'
--- helpers/basic_auth/NCSA/basic_ncsa_auth.cc	2012-11-15 22:26:23 +0000
+++ helpers/basic_auth/NCSA/basic_ncsa_auth.cc	2013-04-16 00:26:10 +0000
@@ -144,19 +144,20 @@
         rfc1738_unescape(user);
         rfc1738_unescape(passwd);
         u = (user_data *) hash_lookup(hash, user);
+        char *crypted = NULL;
         if (u == NULL) {
             SEND_ERR("No such user");
 #if HAVE_CRYPT
-        } else if (strlen(passwd) <= 8 && strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
+        } else if (strlen(passwd) <= 8 && (crypted = crypt(passwd, u->passwd)) && (strcmp(u->passwd, crypted) == 0)) {
             // Bug 3107: crypt() DES functionality silently truncates long passwords.
             SEND_OK("");
-        } else if (strlen(passwd) > 8 && strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
+        } else if (strlen(passwd) > 8 && (crypted = crypt(passwd, u->passwd)) && (strcmp(u->passwd, crypted) == 0)) {
             // Bug 3107: crypt() DES functionality silently truncates long passwords.
             SEND_ERR("Password too long. Only 8 characters accepted.");
 #endif
-        } else if (strcmp(u->passwd, (char *) crypt_md5(passwd, u->passwd)) == 0) {
+        } else if ( (crypted = crypt_md5(passwd, u->passwd)) && strcmp(u->passwd, crypted) == 0) {
             SEND_OK("");
-        } else if (strcmp(u->passwd, (char *) md5sum(passwd)) == 0) {
+        } else if ( (crypted =  md5sum(passwd)) && strcmp(u->passwd, crypted) == 0) {
             SEND_OK("");
         } else {
             SEND_ERR("Wrong password");
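Review bot: A NULL return from crypt() in the two `#if HAVE_CRYPT` branches now falls through to the crypt_md5()/md5sum() comparisons and, if those also miss, to `SEND_ERR("Wrong password")`, so a crypt() failure looks exactly like a bad password to both the client and the operator. That fails closed, which is the right default, but because `crypted` is reused for all four results, the final `else` cannot tell the two cases apart. Keeping the crypt() result in its own variable would let that branch write a diagnostic to stderr when it was NULL. At minimum a comment beside the declaration would help, e.g. `// crypt() can return NULL on failure; treated as a mismatch, falls through to the MD5 checks`. The enclosing function starts and ends outside this hunk, so whether a logging facility is already in use there is not visible here.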