[dovecot-cvs] dovecot/src/auth auth-request.c, 1.73, 1.74 password-scheme.c, 1.25, 1.26

tss at dovecot.org tss at dovecot.org
Sun Dec 3 19:23:36 UTC 2006 

Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv16953

Modified Files:
	auth-request.c password-scheme.c 
Log Message:
Don't crash if plain-md5, plain-md4 or sha1 password is invalid and we're
not using digest-md5 authentication..



Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -d -r1.73 -r1.74
--- auth-request.c	18 Nov 2006 22:02:59 -0000	1.73
+++ auth-request.c	3 Dec 2006 19:23:33 -0000	1.74
@@ -906,8 +906,12 @@
 		return 0;
 	}
 
+	/* If original_username is set, use it. It may be important for some
+	   password schemes (eg. digest-md5). Otherwise the username is used
+	   only for logging purposes. */
 	ret = password_verify(plain_password, crypted_password, scheme,
-			      request->original_username);
+			      request->original_username != NULL ?
+			      request->original_username : request->user);
 	if (ret < 0) {
 		auth_request_log_error(request, subsystem,
 				       "Unknown password scheme %s", scheme);

Index: password-scheme.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/password-scheme.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- password-scheme.c	12 Nov 2006 19:36:41 -0000	1.25
+++ password-scheme.c	3 Dec 2006 19:23:33 -0000	1.26
@@ -181,7 +181,7 @@
 }
 
 static bool sha1_verify(const char *plaintext, const char *password,
-			const char *user __attr_unused__)
+			const char *user)
 {
 	unsigned char sha1_digest[SHA1_RESULTLEN];
 	const char *data;
@@ -362,7 +362,7 @@
 }
 
 static bool plain_md4_verify(const char *plaintext, const char *password,
-			     const char *user __attr_unused__)
+			     const char *user)
 {
 	unsigned char digest[MD4_RESULTLEN];
 	const void *data;
@@ -388,7 +388,7 @@
 }
 
 static bool plain_md5_verify(const char *plaintext, const char *password,
-			     const char *user __attr_unused__)
+			     const char *user)
 {
 	unsigned char digest[MD5_RESULTLEN];
 	const void *data;

More information about the dovecot-cvs mailing list