You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by sf...@apache.org on 2012/07/16 22:43:31 UTC

svn commit: r1362244 - in /apr/apr-util/branches/1.4.x: ./ crypto/apr_md5.c

Author: sf
Date: Mon Jul 16 20:43:30 2012
New Revision: 1362244

URL: http://svn.apache.org/viewvc?rev=1362244&view=rev
Log:
Merge r1362243:

Avoid copying the hashed password to a temp buffer, if possible.

Noted by Jason Ovich <jasonovich mailfish de>
PR: 53410

Modified:
    apr/apr-util/branches/1.4.x/   (props changed)
    apr/apr-util/branches/1.4.x/crypto/apr_md5.c

Propchange: apr/apr-util/branches/1.4.x/
------------------------------------------------------------------------------
  Merged /apr/apr/trunk:r1362241
  Merged /apr/apr-util/branches/1.5.x:r1362243

Modified: apr/apr-util/branches/1.4.x/crypto/apr_md5.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/crypto/apr_md5.c?rev=1362244&r1=1362243&r2=1362244&view=diff
==============================================================================
--- apr/apr-util/branches/1.4.x/crypto/apr_md5.c (original)
+++ apr/apr-util/branches/1.4.x/crypto/apr_md5.c Mon Jul 16 20:43:30 2012
@@ -716,7 +716,7 @@ APU_DECLARE(apr_status_t) apr_password_v
          * It's not our algorithm, so feed it to crypt() if possible.
          */
 #if defined(WIN32) || defined(BEOS) || defined(NETWARE)
-        apr_cpystrn(sample, passwd, sizeof(sample) - 1);
+        return (strcmp(passwd, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;
 #elif defined(CRYPT_R_CRYPTD)
         CRYPTD buffer;
 
@@ -724,7 +724,7 @@ APU_DECLARE(apr_status_t) apr_password_v
         if (!crypt_pw) {
             return APR_EMISMATCH;
         }
-        apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
+        return (strcmp(crypt_pw, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;
 #elif defined(CRYPT_R_STRUCT_CRYPT_DATA)
         struct crypt_data buffer;
 
@@ -738,7 +738,7 @@ APU_DECLARE(apr_status_t) apr_password_v
         if (!crypt_pw) {
             return APR_EMISMATCH;
         }
-        apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
+        return (strcmp(crypt_pw, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;
 #else
         /* Do a bit of sanity checking since we know that crypt_r()
          * should always be used for threaded builds on AIX, and
@@ -758,8 +758,8 @@ APU_DECLARE(apr_status_t) apr_password_v
             crypt_mutex_unlock();
             return APR_EMISMATCH;
         }
-        apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
         crypt_mutex_unlock();
+        return (strcmp(crypt_pw, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;
 #endif
     }
     return (strcmp(sample, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;