Posted to cvs@httpd.apache.org by sf...@apache.org on 2009/10/24 14:39:42 UTC
svn commit: r829355 - /httpd/httpd/trunk/support/htpasswd.c
Author: sf
Date: Sat Oct 24 12:39:41 2009
New Revision: 829355
URL: http://svn.apache.org/viewvc?rev=829355&view=rev
Log:
Verify that password has been truncated before printing a warning.
Modified:
httpd/httpd/trunk/support/htpasswd.c
Modified: httpd/httpd/trunk/support/htpasswd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htpasswd.c?rev=829355&r1=829354&r2=829355&view=diff
==============================================================================
--- httpd/httpd/trunk/support/htpasswd.c (original)
+++ httpd/httpd/trunk/support/htpasswd.c Sat Oct 24 12:39:41 2009
@@ -186,10 +186,6 @@
pw = pwin;
memset(pwv, '\0', sizeof(pwin));
}
- if (alg == ALG_CRYPT && strlen(pw) > 8) {
- apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
- "by CRYPT algorithm." NL);
- }
switch (alg) {
case ALG_APSHA:
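Review bot: the reason for dropping the `alg == ALG_CRYPT && strlen(pw) > 8` warning ahead of the `switch` is recorded only in the log message. A one-line comment at the replacement check in the ALG_CRYPT case, saying the warning is meant to print only when crypt() really ignored the characters past the eighth, would keep the plain length test from being moved back here later.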
@@ -223,6 +219,15 @@
salt[8] = '\0';
apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
+ if (strlen(pw) > 8) {
+ char *truncpw = strdup(pw);
+ truncpw[8] = '\0';
+ if (!strcmp(cpw, crypt(pw, salt))) {
+ apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
+ "by CRYPT algorithm." NL);
+ }
+ free(truncpw);
+ }
break;
#endif
}
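Review bot: the comparison in the added block, `if (!strcmp(cpw, crypt(pw, salt)))`, hashes `pw` again, the same input that produced `cpw` in the `apr_cpystrn` line just above, so the test is always true and `truncpw` is never used. The warning therefore still prints for every password longer than 8 characters, which is the behaviour the commit set out to change. Pass the shortened copy instead: `crypt(truncpw, salt)`.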
Re: svn commit: r829355 - /httpd/httpd/trunk/support/htpasswd.c
Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Sat, 24 Oct 2009, Ruediger Pluem wrote:
> I assume you want to do
>
> crypt(truncpw, salt)
>
> instead of
>
> crypt(pw, salt)
Absolutely :-(
Thanks.
Re: svn commit: r829355 - /httpd/httpd/trunk/support/htpasswd.c
Posted by Ruediger Pluem <rp...@apache.org>.
On 10/24/2009 02:39 PM, sf@apache.org wrote:
> Author: sf
> Date: Sat Oct 24 12:39:41 2009
> New Revision: 829355
>
> URL: http://svn.apache.org/viewvc?rev=829355&view=rev
> Log:
> Verify that password has been truncated before printing a warning.
>
> Modified:
> httpd/httpd/trunk/support/htpasswd.c
>
> Modified: httpd/httpd/trunk/support/htpasswd.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htpasswd.c?rev=829355&r1=829354&r2=829355&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/support/htpasswd.c (original)
> +++ httpd/httpd/trunk/support/htpasswd.c Sat Oct 24 12:39:41 2009
> @@ -186,10 +186,6 @@
> pw = pwin;
> memset(pwv, '\0', sizeof(pwin));
> }
> - if (alg == ALG_CRYPT && strlen(pw) > 8) {
> - apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
> - "by CRYPT algorithm." NL);
> - }
> switch (alg) {
>
> case ALG_APSHA:
> @@ -223,6 +219,15 @@
> salt[8] = '\0';
>
> apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
> + if (strlen(pw) > 8) {
> + char *truncpw = strdup(pw);
> + truncpw[8] = '\0';
> + if (!strcmp(cpw, crypt(pw, salt))) {
I assume you want to do
crypt(truncpw, salt)
instead of
crypt(pw, salt)
> + apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
> + "by CRYPT algorithm." NL);
> + }
> + free(truncpw);
> + }
> break;
> #endif
> }
>
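Review bot: `strdup(pw)` in the added block is used unchecked, so `truncpw[8] = '\0'` writes through a NULL pointer if the allocation fails. Check the return value before writing to it. Since `truncpw` holds the first 8 characters of the plaintext password, it should also be cleared before `free(truncpw)`, the way the context at the top of the first hunk clears `pwv` with memset.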
Regards
Rüdiger