Posted to commits@apr.apache.org by sf...@apache.org on 2012/07/15 23:47:49 UTC

svn commit: r1361814 - in /apr/apr-util/branches/1.5.x: ./ CHANGES crypto/apr_passwd.c

Author: sf
Date: Sun Jul 15 21:47:49 2012
New Revision: 1361814

URL: http://svn.apache.org/viewvc?rev=1361814&view=rev
Log:
Merge 1361811:

Increase the buffer size for the hashed string

sha512-crypt with custom rounds= prefix needs 115 bytes plus length of the
number of rounds string to store the resulting hash. A usable buffer size of
119 limited this to 9999 rounds.

Use 200 to allow for future hash algorithms with longer string lengths (e.g.
due to longer salt).

PR 53410

Modified:
    apr/apr-util/branches/1.5.x/   (props changed)
    apr/apr-util/branches/1.5.x/CHANGES
    apr/apr-util/branches/1.5.x/crypto/apr_passwd.c

Propchange: apr/apr-util/branches/1.5.x/
------------------------------------------------------------------------------
  Merged /apr/apr/trunk:r1361811

Modified: apr/apr-util/branches/1.5.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/CHANGES?rev=1361814&r1=1361813&r2=1361814&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/CHANGES [utf-8] (original)
+++ apr/apr-util/branches/1.5.x/CHANGES [utf-8] Sun Jul 15 21:47:49 2012
@@ -1,6 +1,9 @@
                                                      -*- coding: utf-8 -*-
 Changes with APR-util 1.5.0
 
+  *) apr_password_validate: Increase maximum hash string length to allow
+     more than 9999 rounds with sha512-crypt. PR 53410. [Stefan Fritsch]
+
   *) apr_password_validate, apr_bcrypt_encode: Add support for bcrypt encoded
      passwords. The bcrypt implementation uses code from crypt_blowfish
      written by Solar Designer <solar openwall com>. apr_bcrypt_encode creates
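
Review bot: The added entry says the maximum hash string length was increased but gives neither the old nor the new limit, so a reader of CHANGES cannot tell which hashes now validate. Suggest stating the figures from the log message, for example that the buffer goes from 120 to 200 bytes, so the bound is documented somewhere users will see it.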

Modified: apr/apr-util/branches/1.5.x/crypto/apr_passwd.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_passwd.c?rev=1361814&r1=1361813&r2=1361814&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_passwd.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_passwd.c Sun Jul 15 21:47:49 2012
@@ -72,7 +72,7 @@ static void crypt_mutex_unlock(void)
 APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd, 
                                                 const char *hash)
 {
-    char sample[120];
+    char sample[200];
 #if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
     char *crypt_pw;
 #endif
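
Review bot: `char sample[200];` swaps one unexplained literal for another; the reasoning (115 bytes plus the digits of the rounds value, with headroom for longer salts) exists only in the commit log. Suggest a named constant with a comment at the declaration recording that derivation, so the size can be rechecked when another hash format is added. The hunk also does not show how `sample` is filled: please confirm the copy is bounded by `sizeof(sample)` and that a crypt result too long for the buffer is reported as a mismatch rather than compared after truncation.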