dovecot-1.2: auth: If MD5 scheme can't decode the password log a...
dovecot at dovecot.org
dovecot at dovecot.org
Wed Dec 31 01:49:56 EET 2008
details: http://hg.dovecot.org/dovecot-1.2/rev/71cc9f3e3f2d
changeset: 8586:71cc9f3e3f2d
user: Timo Sirainen <tss at iki.fi>
date: Wed Dec 31 01:49:50 2008 +0200
description:
auth: If MD5 scheme can't decode the password log an error.
diffstat:
1 file changed, 5 insertions(+), 4 deletions(-)
src/auth/password-scheme.c | 9 +++++----
diffs (20 lines):
diff -r 24ccf040026b -r 71cc9f3e3f2d src/auth/password-scheme.c
--- a/src/auth/password-scheme.c Sat Dec 27 09:19:04 2008 +0200
+++ b/src/auth/password-scheme.c Wed Dec 31 01:49:50 2008 +0200
@@ -296,11 +296,12 @@ md5_verify(const char *plaintext, const
/* MD5-CRYPT */
str = password_generate_md5_crypt(plaintext, password);
return strcmp(str, password) == 0;
+ } else if (password_decode(password, "PLAIN-MD5",
+ &md5_password, &md5_size) < 0) {
+ i_error("md5_verify(%s): Not a valid MD5-CRYPT or "
+ "PLAIN-MD5 password", user);
+ return FALSE;
} else {
- if (password_decode(password, "PLAIN-MD5",
- &md5_password, &md5_size) < 0)
- return FALSE;
-
return password_verify(plaintext, user, "PLAIN-MD5",
md5_password, md5_size) > 0;
}
More information about the dovecot-cvs
mailing list