31 Mar
2006
31 Mar
'06
4:43 a.m.
Hello
I've migrated to dovecot-1.0beta3 and I have taken over the password files from an older system. For some reason the md5 hashs have "[" chars in the salt.
For example like this $1$[xxxXX[E$bg/d4JdSSf2kTL8sXXxXXX
Now the problem is that in the file src/auth/db-passwd-file.c on line 43 for libpam-pwdfile compatibility it will be searched for "[" to find the type of the password hash. Then only the hash up to this point will be used in future for comparing the passwords.
The problem line. p = pass == NULL ? NULL : strchr(pass, '[');
I changed the behavior to always use the complete hash out of the file because I don't use pam.
Does anyone know if [ chars are allowed in md5 hashs?
Kind Regards Fabrizio Steiner