Fix password validation failure for all crypt

and crypt_r based algorithms. PR: 54603 Submitted by: Harvey Eneman <harvey.eneman oracle.com> Backport of r1449308 from trunk. git-svn-id: http://svn.apache.org/repos/asf/apr/apr-util/branches/1.5.x@1449309 13f79535-47bb-0310-9956-ffa450edef68
author: rjung <rjung@13f79535-47bb-0310-9956-ffa450edef68> 2013-02-23 12:24:37 +0000
committer: rjung <rjung@13f79535-47bb-0310-9956-ffa450edef68> 2013-02-23 12:24:37 +0000
commit: cc058f2c991dd5ab17e77af41a819d7325ab8cd6 (patch)
tree: 46b08fea891177de532de372b15a487e1bf69a44
parent: 13d40373c61590721c653786617ae29150bb1843 (diff)
download: libapr-util-cc058f2c991dd5ab17e77af41a819d7325ab8cd6.tar.gz
2 files changed, 15 insertions, 13 deletions
diff --git a/CHANGES b/CHANGES
index 6c52e817..4d8229c0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                      -*- coding: utf-8 -*-
 Changes with APR-util 1.5.2
 
+  *) Fix password validation failure for all crypt and crypt_r based
+     algorithms. PR 54603.  [Harvey Eneman <harvey.eneman oracle.com>]
+
   *) Fix syntax error in crypto/apr_passwd.c on non-glibc systems. PR 54275.
      [Stefan Fritsch]
 
diff --git a/crypto/apr_passwd.c b/crypto/apr_passwd.c
index 983e5c36..68e411f9 100644
--- a/crypto/apr_passwd.c
+++ b/crypto/apr_passwd.c
@@ -77,19 +77,18 @@ APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd,
 #if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
     char *crypt_pw;
 #endif
-    if (hash[0] == '$') {
-        if (hash[1] == '2' && (hash[2] == 'a' || hash[2] == 'y')
-            && hash[3] == '$')
-        {
-            if (_crypt_blowfish_rn(passwd, hash, sample, sizeof(sample)) == NULL)
-                return APR_FROM_OS_ERROR(errno);
-        }
-        else if (!strncmp(hash, apr1_id, strlen(apr1_id))) {
-            /*
-             * The hash was created using our custom algorithm.
-             */
-            apr_md5_encode(passwd, hash, sample, sizeof(sample));
-        }
+    if (hash[0] == '$'
+        && hash[1] == '2'
+        && (hash[2] == 'a' || hash[2] == 'y')
+        && hash[3] == '$') {
+        if (_crypt_blowfish_rn(passwd, hash, sample, sizeof(sample)) == NULL)
+            return APR_FROM_OS_ERROR(errno);
+    }
+    else if (!strncmp(hash, apr1_id, strlen(apr1_id))) {
+        /*
+         * The hash was created using our custom algorithm.
+         */
+        apr_md5_encode(passwd, hash, sample, sizeof(sample));
     }
     else if (!strncmp(hash, APR_SHA1PW_ID, APR_SHA1PW_IDLEN)) {
          apr_sha1_base64(passwd, (int)strlen(passwd), sample);
author	rjung <rjung@13f79535-47bb-0310-9956-ffa450edef68>	2013-02-23 12:24:37 +0000
committer	rjung <rjung@13f79535-47bb-0310-9956-ffa450edef68>	2013-02-23 12:24:37 +0000
commit	cc058f2c991dd5ab17e77af41a819d7325ab8cd6 (patch)
tree	46b08fea891177de532de372b15a487e1bf69a44
parent	13d40373c61590721c653786617ae29150bb1843 (diff)
download	libapr-util-cc058f2c991dd5ab17e77af41a819d7325ab8cd6.tar.gz