From 413ea15ef7eb8e8462351e49dd74390d5a20ba44 Mon Sep 17 00:00:00 2001 From: Adam Dickmeiss Date: Wed, 11 Oct 2006 20:18:47 +0000 Subject: [PATCH] Fixed bug 672: Trailing characters in password are ignored. By default htpasswd uses DES encryption of maximum key length 8. This means that a password can only have 8 significant digits. Function passwd_db_auth now returns -2 if password is greater than 8. --- util/passwddb.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/util/passwddb.c b/util/passwddb.c index 785ec56..16d5c71 100644 --- a/util/passwddb.c +++ b/util/passwddb.c @@ -1,4 +1,4 @@ -/* $Id: passwddb.c,v 1.7.2.3 2006-08-14 10:39:24 adam Exp $ +/* $Id: passwddb.c,v 1.7.2.4 2006-10-11 20:18:47 adam Exp $ Copyright (C) 1995,1996,1997,1998,1999,2000,2001,2002 Index Data Aps @@ -136,15 +136,17 @@ int passwd_db_auth (Passwd_db db, const char *user, const char *pass) if (pe->encrypt_flag) { #if HAVE_CRYPT_H - char salt[3]; const char *des_try; if (strlen (pe->des) < 3) return -3; if (!pass) return -2; - memcpy (salt, pe->des, 2); - salt[2] = '\0'; - des_try = crypt (pass, salt); + if (pe->des[0] != '$') /* Not MD5? (assume DES) */ + { + if (strlen(pass) > 8) /* maximum key length is 8 */ + return -2; + } + des_try = crypt (pass, pe->des); if (strcmp (des_try, pe->des)) return -2; #else -- 1.7.10.4