[Dovecot] [PATCH] Add SCRAM-SHA-1 password scheme

Timo Sirainen tss at iki.fi
Wed Oct 3 00:27:13 EEST 2012


On 3.10.2012, at 0.05, Florian Zeitz wrote:

> attached is an hg export on top of the current dovecot-2.2 branch, which
> adds support for a SCRAM-SHA-1 password scheme.
> 
> Ideally I'd want doveadm pw's rounds flag to apply to this, but that's
> currently specific to the crypt password scheme, so I left it out for now.

Looks pretty good. But you could improve the error handling a bit. Instead of atoi() use str_to_uint() and verify the error value. Also verify that t_strsplit() returns the correct number of values. And there should be some sanity check for the iter count also. I'm not sure what, but currently it's possible for Hi() to go into an infinite loop.
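The three checks suggested in the reply above, as an added stand-alone example that is not part of the original message or of the Dovecot patch. Assumptions: the stored value is a hypothetical comma-separated `iter,salt,stored,server` string, the iteration ceiling is an arbitrary illustrative bound, and `strtoul()` with explicit checks and a manual split stand in for Dovecot's `str_to_uint()` and `t_strsplit()`.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

#define SCRAM_FIELDS   4        /* assumed layout: iter,salt,stored,server */
#define SCRAM_MIN_ITER 4096u    /* minimum suggested by RFC 5802 */
#define SCRAM_MAX_ITER 1000000u /* assumed ceiling, tune per deployment */

/* Strict decimal parse: digits only, no sign or whitespace, no overflow. */
static int parse_uint_strict(const char *s, unsigned int *out)
{
    char *end;
    unsigned long v;
    if (!isdigit((unsigned char)s[0]))
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > UINT_MAX)
        return -1;
    *out = (unsigned int)v;
    return 0;
}

/* Returns 0 and sets *iter_r on success; -1 (leaving *iter_r) otherwise. */
int scram_parse_iter(const char *cred, unsigned int *iter_r)
{
    char buf[512], *p, *fields[SCRAM_FIELDS];
    size_t n = 0, len = strlen(cred);
    unsigned int iter;
    if (len >= sizeof(buf)) return -1;
    memcpy(buf, cred, len + 1);
    fields[n++] = buf;
    for (p = buf; *p != '\0'; p++) {    /* split on ',' in place */
        if (*p != ',') continue;
        if (n == SCRAM_FIELDS || p == fields[n - 1])
            return -1;                  /* too many fields, or empty field */
        *p = '\0';
        fields[n++] = p + 1;
    }
    if (n != SCRAM_FIELDS || fields[n - 1][0] == '\0')
        return -1;                      /* too few fields, or empty last */
    if (parse_uint_strict(fields[0], &iter) < 0 ||
        iter < SCRAM_MIN_ITER || iter > SCRAM_MAX_ITER)
        return -1;                      /* bound the work done by Hi() */
    *iter_r = iter;
    return 0;
}
```

With `atoi()` the inputs `-1`, `4096x` and an overflowing digit string would each yield some integer without any error signal; here all three are rejected before the iteration count reaches the key-derivation loop.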



