24 lines
1.2 KiB
Diff
24 lines
1.2 KiB
Diff
|
--- ./helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2013-03-02 02:46:03.000000000 +0100
|
||
|
+++ ./helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2013-03-07 15:45:22.000000000 +0100
|
||
|
@@ -114,6 +114,7 @@
|
||
|
time_t change_time = -1;
|
||
|
char buf[HELPER_INPUT_BUFFER];
|
||
|
char *user, *passwd, *p;
|
||
|
+ char *crypted;
|
||
|
user_data *u;
|
||
|
setbuf(stdout, NULL);
|
||
|
if (argc != 2) {
|
||
|
@@ -147,10 +148,10 @@
|
||
|
if (u == NULL) {
|
||
|
SEND_ERR("No such user");
|
||
|
#if HAVE_CRYPT
|
||
|
- } else if (strlen(passwd) <= 8 && strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
|
||
|
+ } else if (strlen(passwd) <= 8 && (crypted = crypt(passwd, u->passwd)) && (strcmp(u->passwd, crypted) == 0)) {
|
||
|
// Bug 3107: crypt() DES functionality silently truncates long passwords.
|
||
|
SEND_OK("");
|
||
|
- } else if (strlen(passwd) > 8 && strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
|
||
|
+ } else if (strlen(passwd) > 8 && (crypted = crypt(passwd, u->passwd)) && (strcmp(u->passwd, crypted) == 0)) {
|
||
|
// Bug 3107: crypt() DES functionality silently truncates long passwords.
|
||
|
SEND_ERR("Password too long. Only 8 characters accepted.");
|
||
|
#endif
|