dovecot-1.1: auth: Handle crypt() failing.
dovecot at dovecot.org
dovecot at dovecot.org
Thu May 21 19:46:11 EEST 2009
details: http://hg.dovecot.org/dovecot-1.1/rev/255af68d5957
changeset: 8284:255af68d5957
user: Timo Sirainen <tss at iki.fi>
date: Thu May 21 12:45:50 2009 -0400
description:
auth: Handle crypt() failing.
diffstat:
1 file changed, 9 insertions(+), 2 deletions(-)
src/auth/password-scheme.c | 11 +++++++++--
diffs (28 lines):
diff -r b580a354aa69 -r 255af68d5957 src/auth/password-scheme.c
--- a/src/auth/password-scheme.c Wed May 20 17:47:49 2009 -0400
+++ b/src/auth/password-scheme.c Thu May 21 12:45:50 2009 -0400
@@ -251,7 +251,7 @@ crypt_verify(const char *plaintext, cons
crypt_verify(const char *plaintext, const char *user ATTR_UNUSED,
const unsigned char *raw_password, size_t size)
{
- const char *password;
+ const char *password, *crypted;
if (size == 0) {
/* the default mycrypt() handler would return match */
@@ -259,7 +259,14 @@ crypt_verify(const char *plaintext, cons
}
password = t_strndup(raw_password, size);
- return strcmp(mycrypt(plaintext, password), password) == 0;
+ crypted = mycrypt(plaintext, password);
+ if (crypted == NULL) {
+ /* really shouldn't happen unless the system is broken */
+ i_error("crypt() failed: %m");
+ return FALSE;
+ }
+
+ return strcmp(crypted, password) == 0;
}
static void
More information about the dovecot-cvs
mailing list