Posted to commits@apr.apache.org by sf...@apache.org on 2012/07/15 23:47:49 UTC
svn commit: r1361814 - in /apr/apr-util/branches/1.5.x: ./ CHANGES
crypto/apr_passwd.c
Author: sf
Date: Sun Jul 15 21:47:49 2012
New Revision: 1361814
URL: http://svn.apache.org/viewvc?rev=1361814&view=rev
Log:
Merge 1361811:
Increase the buffer size for the hashed string
sha512-crypt with custom rounds= prefix needs 115 bytes plus length of the
number of rounds string to store the resulting hash. A usable buffer size of
119 limited this to 9999 rounds.
Use 200 to allow for future hash algorithms with longer string lengths (e.g.
due to longer salt).
PR 53410
Modified:
apr/apr-util/branches/1.5.x/ (props changed)
apr/apr-util/branches/1.5.x/CHANGES
apr/apr-util/branches/1.5.x/crypto/apr_passwd.c
Propchange: apr/apr-util/branches/1.5.x/
------------------------------------------------------------------------------
Merged /apr/apr/trunk:r1361811
Modified: apr/apr-util/branches/1.5.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/CHANGES?rev=1361814&r1=1361813&r2=1361814&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/CHANGES [utf-8] (original)
+++ apr/apr-util/branches/1.5.x/CHANGES [utf-8] Sun Jul 15 21:47:49 2012
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with APR-util 1.5.0
+ *) apr_password_validate: Increase maximum hash string length to allow
+ more than 9999 rounds with sha512-crypt. PR 53410. [Stefan Fritsch]
+
*) apr_password_validate, apr_bcrypt_encode: Add support for bcrypt encoded
passwords. The bcrypt implementation uses code from crypt_blowfish
written by Solar Designer <solar openwall com>. apr_bcrypt_encode creates
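Review bot: The added CHANGES entry says the maximum hash string length was increased but not what the new limit is. The log message gives the old usable size (119) and the declaration change gives the new buffer (200), so the entry could state both, for example "Increase maximum hash string length from 119 to 199 characters", which lets someone who hits the limit with a later hash format find it from the changelog.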
Modified: apr/apr-util/branches/1.5.x/crypto/apr_passwd.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_passwd.c?rev=1361814&r1=1361813&r2=1361814&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_passwd.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_passwd.c Sun Jul 15 21:47:49 2012
@@ -72,7 +72,7 @@ static void crypt_mutex_unlock(void)
APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd,
const char *hash)
{
- char sample[120];
+ char sample[200];
#if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
char *crypt_pw;
#endif
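Review bot: At `char sample[200];` the size is a bare literal with no comment, so the derivation given in the log message (115 bytes plus the length of the rounds string for sha512-crypt, with headroom for longer salts) is lost to anyone reading apr_password_validate. A named constant or a one-line comment beside the declaration carrying that arithmetic would keep the next algorithm addition from repeating PR 53410. The visible context does not show how sample is filled, so it is worth confirming in this change that a hash string longer than the buffer makes validation fail cleanly instead of being compared against a truncated copy, since a fixed limit still exists after the bump.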