dovecot-1.2: auth: Handle crypt() failing.
dovecot at dovecot.org
dovecot at dovecot.org
Thu May 21 19:46:22 EEST 2009
details: http://hg.dovecot.org/dovecot-1.2/rev/b57a14e489b3
changeset: 9070:b57a14e489b3
user: Timo Sirainen <tss at iki.fi>
date: Thu May 21 12:46:17 2009 -0400
description:
auth: Handle crypt() failing.
diffstat:
1 file changed, 9 insertions(+), 2 deletions(-)
src/auth/password-scheme.c | 11 +++++++++--
diffs (28 lines):
diff -r aedec88c6e31 -r b57a14e489b3 src/auth/password-scheme.c
--- a/src/auth/password-scheme.c Wed May 20 22:53:22 2009 -0400
+++ b/src/auth/password-scheme.c Thu May 21 12:46:17 2009 -0400
@@ -255,7 +255,7 @@ crypt_verify(const char *plaintext, cons
crypt_verify(const char *plaintext, const char *user ATTR_UNUSED,
const unsigned char *raw_password, size_t size)
{
- const char *password;
+ const char *password, *crypted;
if (size == 0) {
/* the default mycrypt() handler would return match */
@@ -263,7 +263,14 @@ crypt_verify(const char *plaintext, cons
}
password = t_strndup(raw_password, size);
- return strcmp(mycrypt(plaintext, password), password) == 0;
+ crypted = mycrypt(plaintext, password);
+ if (crypted == NULL) {
+ /* really shouldn't happen unless the system is broken */
+ i_error("crypt() failed: %m");
+ return FALSE;
+ }
+
+ return strcmp(crypted, password) == 0;
}
static void
More information about the dovecot-cvs
mailing list