apr-commits mailing list archives

From s.@apache.org
Subject svn commit: r1361816 - in /apr/apr-util/branches/1.4.x: ./ CHANGES crypto/apr_md5.c
Date Sun, 15 Jul 2012 21:50:40 GMT
Author: sf
Date: Sun Jul 15 21:50:39 2012
New Revision: 1361816

URL: http://svn.apache.org/viewvc?rev=1361816&view=rev
Log:
Merge r1361814:

Increase the buffer size for the hashed string

sha512-crypt with custom rounds= prefix needs 115 bytes plus length of the
number of rounds string to store the resulting hash. A usable buffer size of
119 limited this to 9999 rounds.

Use 200 to allow for future hash algorithms with longer string lengths (e.g.
due to longer salt).

PR: 53410


Modified:
    apr/apr-util/branches/1.4.x/   (props changed)
    apr/apr-util/branches/1.4.x/CHANGES
    apr/apr-util/branches/1.4.x/crypto/apr_md5.c

Propchange: apr/apr-util/branches/1.4.x/
------------------------------------------------------------------------------
  Merged /apr/apr/trunk:r1361811
  Merged /apr/apr-util/branches/1.5.x:r1361814

Modified: apr/apr-util/branches/1.4.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/CHANGES?rev=1361816&r1=1361815&r2=1361816&view=diff
==============================================================================
--- apr/apr-util/branches/1.4.x/CHANGES [utf-8] (original)
+++ apr/apr-util/branches/1.4.x/CHANGES [utf-8] Sun Jul 15 21:50:39 2012
@@ -1,6 +1,9 @@
                                                      -*- coding: utf-8 -*-
 Changes with APR-util 1.4.3
 
+  *) apr_password_validate: Increase maximum hash string length to allow
+     more than 9999 rounds with sha512-crypt. PR 53410. [Stefan Fritsch]
+
   *) Fix segfaults in crypt() and crypt_r() failure modes.
      PR 47272.  [Arkadiusz Miskiewicz <arekm pld-linux.org>]
 

Modified: apr/apr-util/branches/1.4.x/crypto/apr_md5.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/crypto/apr_md5.c?rev=1361816&r1=1361815&r2=1361816&view=diff
==============================================================================
--- apr/apr-util/branches/1.4.x/crypto/apr_md5.c (original)
+++ apr/apr-util/branches/1.4.x/crypto/apr_md5.c Sun Jul 15 21:50:39 2012
@@ -698,7 +698,7 @@ static void crypt_mutex_unlock(void)
 APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd, 
                                                 const char *hash)
 {
-    char sample[120];
+    char sample[200];
 #if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
     char *crypt_pw;
 #endif
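
Review bot: the new size in `char sample[200];` is a bare literal with no comment, so the reasoning given in the log message (115 bytes for sha512-crypt plus the digits of the rounds value, with headroom for longer salts) is lost to anyone reading apr_md5.c. Consider a named constant with a comment recording that derivation, used wherever the buffer length is passed. The visible lines do not show how `sample` is filled, so it is also worth confirming that every write is bounded by `sizeof(sample)` and that a hash longer than the buffer is rejected outright rather than truncated and then compared, since the fixed limit has only moved from 120 to 200.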


