squid/squid-NCSA_auth.patch

24 lines
1.2 KiB
Diff
Raw Normal View History

--- ./helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2013-03-02 02:46:03.000000000 +0100
+++ ./helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2013-03-07 15:45:22.000000000 +0100
@@ -114,6 +114,7 @@
time_t change_time = -1;
char buf[HELPER_INPUT_BUFFER];
char *user, *passwd, *p;
+ char *crypted;
user_data *u;
setbuf(stdout, NULL);
if (argc != 2) {
@@ -147,10 +148,10 @@
if (u == NULL) {
SEND_ERR("No such user");
#if HAVE_CRYPT
- } else if (strlen(passwd) <= 8 && strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
+ } else if (strlen(passwd) <= 8 && (crypted = crypt(passwd, u->passwd)) && (strcmp(u->passwd, crypted) == 0)) {
// Bug 3107: crypt() DES functionality silently truncates long passwords.
SEND_OK("");
- } else if (strlen(passwd) > 8 && strcmp(u->passwd, (char *) crypt(passwd, u->passwd)) == 0) {
+ } else if (strlen(passwd) > 8 && (crypted = crypt(passwd, u->passwd)) && (strcmp(u->passwd, crypted) == 0)) {
// Bug 3107: crypt() DES functionality silently truncates long passwords.
SEND_ERR("Password too long. Only 8 characters accepted.");
#endif