apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r1362241 - /apr/apr/trunk/crypto/apr_passwd.c
Date Mon, 16 Jul 2012 20:37:16 GMT
Author: sf
Date: Mon Jul 16 20:37:16 2012
New Revision: 1362241

URL: http://svn.apache.org/viewvc?rev=1362241&view=rev
Log:
Avoid copying the hashed password to a temp buffer, if possible.

Noted by Jason Ovich <jasonovich mailfish de>
PR: 53410

Modified:
    apr/apr/trunk/crypto/apr_passwd.c

Modified: apr/apr/trunk/crypto/apr_passwd.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_passwd.c?rev=1362241&r1=1362240&r2=1362241&view=diff
==============================================================================
--- apr/apr/trunk/crypto/apr_passwd.c (original)
+++ apr/apr/trunk/crypto/apr_passwd.c Mon Jul 16 20:37:16 2012
@@ -125,7 +125,7 @@ APR_DECLARE(apr_status_t) apr_password_v
          * It's not our algorithm, so feed it to crypt() if possible.
          */
 #if defined(WIN32) || defined(BEOS) || defined(NETWARE)
-        apr_cpystrn(sample, passwd, sizeof(sample) - 1);
+        return (strcmp(passwd, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;
 #elif defined(CRYPT_R_CRYPTD)
         CRYPTD buffer;
 
@@ -133,7 +133,7 @@ APR_DECLARE(apr_status_t) apr_password_v
         if (!crypt_pw) {
             return APR_EMISMATCH;
         }
-        apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
+        return (strcmp(crypt_pw, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;
 #elif defined(CRYPT_R_STRUCT_CRYPT_DATA)
         struct crypt_data buffer;
 
@@ -150,7 +150,7 @@ APR_DECLARE(apr_status_t) apr_password_v
         if (!crypt_pw) {
             return APR_EMISMATCH;
         }
-        apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
+        return (strcmp(crypt_pw, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;
 #else
         /* Do a bit of sanity checking since we know that crypt_r()
          * should always be used for threaded builds on AIX, and
@@ -170,8 +170,8 @@ APR_DECLARE(apr_status_t) apr_password_v
             crypt_mutex_unlock();
             return APR_EMISMATCH;
         }
-        apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
         crypt_mutex_unlock();
+        return (strcmp(crypt_pw, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;
 #endif
     }
     return (strcmp(sample, hash) == 0) ? APR_SUCCESS : APR_EMISMATCH;



Mime
View raw message