dovecot-2.0: auth: Handle crypt() failing.
dovecot at dovecot.org
dovecot at dovecot.org
Thu May 21 19:45:58 EEST 2009
details: http://hg.dovecot.org/dovecot-2.0/rev/f595b68616e4
changeset: 9342:f595b68616e4
user: Timo Sirainen <tss at iki.fi>
date: Thu May 21 12:45:50 2009 -0400
description:
auth: Handle crypt() failing.
diffstat:
1 file changed, 9 insertions(+), 2 deletions(-)
src/auth/password-scheme.c | 11 +++++++++--
diffs (28 lines):
diff -r bc13674ac55f -r f595b68616e4 src/auth/password-scheme.c
--- a/src/auth/password-scheme.c Wed May 20 23:13:48 2009 -0400
+++ b/src/auth/password-scheme.c Thu May 21 12:45:50 2009 -0400
@@ -255,7 +255,7 @@ crypt_verify(const char *plaintext, cons
crypt_verify(const char *plaintext, const char *user ATTR_UNUSED,
const unsigned char *raw_password, size_t size)
{
- const char *password;
+ const char *password, *crypted;
if (size == 0) {
/* the default mycrypt() handler would return match */
@@ -263,7 +263,14 @@ crypt_verify(const char *plaintext, cons
}
password = t_strndup(raw_password, size);
- return strcmp(mycrypt(plaintext, password), password) == 0;
+ crypted = mycrypt(plaintext, password);
+ if (crypted == NULL) {
+ /* really shouldn't happen unless the system is broken */
+ i_error("crypt() failed: %m");
+ return FALSE;
+ }
+
+ return strcmp(crypted, password) == 0;
}
static void
More information about the dovecot-cvs
mailing list