rpluem at apache
Oct 24, 2009, 8:31 AM
Post #1 of 2
(108 views)
Permalink
|
|
Re: svn commit: r829355 - /httpd/httpd/trunk/support/htpasswd.c
|
|
On 10/24/2009 02:39 PM, sf[at]apache.org wrote:
> Author: sf
> Date: Sat Oct 24 12:39:41 2009
> New Revision: 829355
>
> URL: http://svn.apache.org/viewvc?rev=829355&view=rev
> Log:
> Verify that password has been truncated before printing a warning.
>
> Modified:
> httpd/httpd/trunk/support/htpasswd.c
>
> Modified: httpd/httpd/trunk/support/htpasswd.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htpasswd.c?rev=829355&r1=829354&r2=829355&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/support/htpasswd.c (original)
> +++ httpd/httpd/trunk/support/htpasswd.c Sat Oct 24 12:39:41 2009
> @@ -186,10 +186,6 @@
> pw = pwin;
> memset(pwv, '\0', sizeof(pwin));
> }
> - if (alg == ALG_CRYPT && strlen(pw) > 8) {
> - apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
> - "by CRYPT algorithm." NL);
> - }
> switch (alg) {
>
> case ALG_APSHA:
> @@ -223,6 +219,15 @@
> salt[8] = '\0';
>
> apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
> + if (strlen(pw) > 8) {
> + char *truncpw = strdup(pw);
> + truncpw[8] = '\0';
> + if (!strcmp(cpw, crypt(pw, salt))) {
I assume you want to do
crypt(truncpw, salt)
instead of
crypt(pw, salt)
> + apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
> + "by CRYPT algorithm." NL);
> + }
> + free(truncpw);
> + }
> break;
> #endif
> }
>
Regards
RĂ¼diger
|
