apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rj...@apache.org
Subject svn commit: r1449309 - in /apr/apr-util/branches/1.5.x: ./ CHANGES crypto/apr_passwd.c
Date Sat, 23 Feb 2013 12:24:37 GMT
Author: rjung
Date: Sat Feb 23 12:24:37 2013
New Revision: 1449309

URL: http://svn.apache.org/r1449309
Log:
Fix password validation failure for all crypt
and crypt_r based algorithms.

PR: 54603

Submitted by: Harvey Eneman <harvey.eneman oracle.com>

Backport of r1449308 from trunk.

Modified:
    apr/apr-util/branches/1.5.x/   (props changed)
    apr/apr-util/branches/1.5.x/CHANGES
    apr/apr-util/branches/1.5.x/crypto/apr_passwd.c

Propchange: apr/apr-util/branches/1.5.x/
------------------------------------------------------------------------------
  Merged /apr/apr/trunk:r1449308

Modified: apr/apr-util/branches/1.5.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/CHANGES?rev=1449309&r1=1449308&r2=1449309&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/CHANGES [utf-8] (original)
+++ apr/apr-util/branches/1.5.x/CHANGES [utf-8] Sat Feb 23 12:24:37 2013
@@ -1,6 +1,9 @@
                                                      -*- coding: utf-8 -*-
 Changes with APR-util 1.5.2
 
+  *) Fix password validation failure for all crypt and crypt_r based
+     algorithms. PR 54603.  [Harvey Eneman <harvey.eneman oracle.com>]
+
   *) Fix syntax error in crypto/apr_passwd.c on non-glibc systems. PR 54275.
      [Stefan Fritsch]
 

Modified: apr/apr-util/branches/1.5.x/crypto/apr_passwd.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_passwd.c?rev=1449309&r1=1449308&r2=1449309&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_passwd.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_passwd.c Sat Feb 23 12:24:37 2013
@@ -77,19 +77,18 @@ APU_DECLARE(apr_status_t) apr_password_v
 #if !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
     char *crypt_pw;
 #endif
-    if (hash[0] == '$') {
-        if (hash[1] == '2' && (hash[2] == 'a' || hash[2] == 'y')
-            && hash[3] == '$')
-        {
-            if (_crypt_blowfish_rn(passwd, hash, sample, sizeof(sample)) == NULL)
-                return APR_FROM_OS_ERROR(errno);
-        }
-        else if (!strncmp(hash, apr1_id, strlen(apr1_id))) {
-            /*
-             * The hash was created using our custom algorithm.
-             */
-            apr_md5_encode(passwd, hash, sample, sizeof(sample));
-        }
+    if (hash[0] == '$'
+        && hash[1] == '2'
+        && (hash[2] == 'a' || hash[2] == 'y')
+        && hash[3] == '$') {
+        if (_crypt_blowfish_rn(passwd, hash, sample, sizeof(sample)) == NULL)
+            return APR_FROM_OS_ERROR(errno);
+    }
+    else if (!strncmp(hash, apr1_id, strlen(apr1_id))) {
+        /*
+         * The hash was created using our custom algorithm.
+         */
+        apr_md5_encode(passwd, hash, sample, sizeof(sample));
     }
     else if (!strncmp(hash, APR_SHA1PW_ID, APR_SHA1PW_IDLEN)) {
          apr_sha1_base64(passwd, (int)strlen(passwd), sample);



Mime
View raw message