You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by sf...@apache.org on 2012/07/16 22:43:31 UTC
svn commit: r1362244 - in /apr/apr-util/branches/1.4.x: ./ crypto/apr_md5.c
Author: sf
Date: Mon Jul 16 20:43:30 2012
New Revision: 1362244
URL: http://svn.apache.org/viewvc?rev=1362244&view=rev
Log:
Merge r1362243:
Avoid copying the hashed password to a temp buffer, if possible.
Noted by Jason Ovich <jasonovich mailfish de>
PR: 53410
Modified:
apr/apr-util/branches/1.4.x/ (props changed)
apr/apr-util/branches/1.4.x/crypto/apr_md5.c
Propchange: apr/apr-util/branches/1.4.x/
------------------------------------------------------------------------------
Merged /apr/apr/trunk:r1362241
Merged /apr/apr-util/branches/1.5.x:r1362243
Modified: apr/apr-util/branches/1.4.x/crypto/apr_md5.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/crypto/apr_md5.c?rev=1362244&r1=1362243&r2=1362244&view=diff
==============================================================================
--- apr/apr-util/branches/1.4.x/crypto/apr_md5.c (original)
+++ apr/apr-util/branches/1.4.x/crypto/apr_md5.c Mon Jul 16 20:43:30 2012
@@ -716,7 +716,7 @@ APU_DECLARE(apr_status_t) apr_password_v
* It's not our algorithm, so feed it to crypt() if possible.
*/
#if defined(WIN32) || defined(BEOS) || defined(NETWARE)
- apr_cpystrn(sample, passwd, sizeof(sample) - 1);
+ return (strcmp(passwd, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;
#elif defined(CRYPT_R_CRYPTD)
CRYPTD buffer;
@@ -724,7 +724,7 @@ APU_DECLARE(apr_status_t) apr_password_v
if (!crypt_pw) {
return APR_EMISMATCH;
}
- apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
+ return (strcmp(crypt_pw, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;
#elif defined(CRYPT_R_STRUCT_CRYPT_DATA)
struct crypt_data buffer;
@@ -738,7 +738,7 @@ APU_DECLARE(apr_status_t) apr_password_v
if (!crypt_pw) {
return APR_EMISMATCH;
}
- apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
+ return (strcmp(crypt_pw, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;
#else
/* Do a bit of sanity checking since we know that crypt_r()
* should always be used for threaded builds on AIX, and
@@ -758,8 +758,8 @@ APU_DECLARE(apr_status_t) apr_password_v
crypt_mutex_unlock();
return APR_EMISMATCH;
}
- apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
crypt_mutex_unlock();
+ return (strcmp(crypt_pw, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;
#endif
}
return (strcmp(sample, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;