diff options
author | rjung <rjung@13f79535-47bb-0310-9956-ffa450edef68> | 2013-02-23 12:24:37 +0000 |
---|---|---|
committer | rjung <rjung@13f79535-47bb-0310-9956-ffa450edef68> | 2013-02-23 12:24:37 +0000 |
commit | cc058f2c991dd5ab17e77af41a819d7325ab8cd6 (patch) | |
tree | 46b08fea891177de532de372b15a487e1bf69a44 | |
parent | 13d40373c61590721c653786617ae29150bb1843 (diff) | |
download | libapr-util-cc058f2c991dd5ab17e77af41a819d7325ab8cd6.tar.gz |
Fix password validation failure for all crypt
and crypt_r based algorithms.
PR: 54603
Submitted by: Harvey Eneman <harvey.eneman oracle.com>
Backport of r1449308 from trunk.
git-svn-id: http://svn.apache.org/repos/asf/apr/apr-util/branches/1.5.x@1449309 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | crypto/apr_passwd.c | 25 |
2 files changed, 15 insertions, 13 deletions
@@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with APR-util 1.5.2 + *) Fix password validation failure for all crypt and crypt_r based + algorithms. PR 54603. [Harvey Eneman <harvey.eneman oracle.com>] + *) Fix syntax error in crypto/apr_passwd.c on non-glibc systems. PR 54275. [Stefan Fritsch] diff --git a/crypto/apr_passwd.c b/crypto/apr_passwd.c index 983e5c36..68e411f9 100644 --- a/crypto/apr_passwd.c +++ b/crypto/apr_passwd.c @@ -77,19 +77,18 @@ APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd, #if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) char *crypt_pw; #endif - if (hash[0] == '$') { - if (hash[1] == '2' && (hash[2] == 'a' || hash[2] == 'y') - && hash[3] == '$') - { - if (_crypt_blowfish_rn(passwd, hash, sample, sizeof(sample)) == NULL) - return APR_FROM_OS_ERROR(errno); - } - else if (!strncmp(hash, apr1_id, strlen(apr1_id))) { - /* - * The hash was created using our custom algorithm. - */ - apr_md5_encode(passwd, hash, sample, sizeof(sample)); - } + if (hash[0] == '$' + && hash[1] == '2' + && (hash[2] == 'a' || hash[2] == 'y') + && hash[3] == '$') { + if (_crypt_blowfish_rn(passwd, hash, sample, sizeof(sample)) == NULL) + return APR_FROM_OS_ERROR(errno); + } + else if (!strncmp(hash, apr1_id, strlen(apr1_id))) { + /* + * The hash was created using our custom algorithm. + */ + apr_md5_encode(passwd, hash, sample, sizeof(sample)); } else if (!strncmp(hash, APR_SHA1PW_ID, APR_SHA1PW_IDLEN)) { apr_sha1_base64(passwd, (int)strlen(passwd), sample); |