wrowe at rowe-clan
Oct 23, 2009, 2:29 PM
Post #1 of 2
(135 views)
Permalink
|
|
Re: svn commit: r829162 - /httpd/httpd/trunk/support/htpasswd.c
|
|
sf[at]apache.org wrote:
> Author: sf
> Date: Fri Oct 23 18:13:46 2009
> New Revision: 829162
>
> URL: http://svn.apache.org/viewvc?rev=829162&view=rev
> Log:
> Print a warning if a password is truncated by crypt.
>
> Modified:
> httpd/httpd/trunk/support/htpasswd.c
>
> Modified: httpd/httpd/trunk/support/htpasswd.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htpasswd.c?rev=829162&r1=829161&r2=829162&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/support/htpasswd.c (original)
> +++ httpd/httpd/trunk/support/htpasswd.c Fri Oct 23 18:13:46 2009
> @@ -186,6 +186,10 @@
> pw = pwin;
> memset(pwv, '\0', sizeof(pwin));
> }
> + if (alg == ALG_CRYPT && strlen(pw) > 8) {
> + apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
> + "by CRYPT algorithm." NL);
> + }
Isn't this platform specific? Seems wrong. Why not test the pw and the pw+1 char
to determine if this is, in fact, true.
With all our integration into openssl maybe we should add 3des strong crypt for
all platforms that don't otherwise offer it? So much easier now that the rules
about crypto munitions in open source have been relaxed.
|
