[Dovecot] crypt() failure is possible
dovecot 1.1.15 in src/auth/password-scheme.c
contains:
static bool crypt_verify(const char *plaintext, const char *user ATTR_UNUSED, const unsigned char *raw_password, size_t size) { const char *password;
if (size == 0) {
/* the default mycrypt() handler would return match */
return FALSE;
}
password = t_strndup(raw_password, size);
return strcmp(mycrypt(plaintext, password), password) == 0;}
but according to man page crypt() can fail and NULL is returned then. On other hand glibc info page is silent about such failure.
The thing is that I'm seeing crypt() failure here with new glibc 2.10.1 built with nss backend for crypt(), so it would be good to handle such case.
(crypt failure was due to improper nss packaging but it could also happen if somehow nss file becomes corrupted)
Arkadiusz Miśkiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/
On Thu, 2009-05-21 at 11:29 +0200, Arkadiusz Miskiewicz wrote:
but according to man page crypt() can fail and NULL is returned then. On other hand glibc info page is silent about such failure.
The thing is that I'm seeing crypt() failure here with new glibc 2.10.1 built with nss backend for crypt(), so it would be good to handle such case.
participants (2)
-
Arkadiusz Miskiewicz
-
Timo Sirainen