httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 53410] SHA-2 password hashes with more than 9999 rounds not accepted
Date Mon, 16 Jul 2012 20:45:43 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53410

Stefan Fritsch <sf@sfritsch.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Stefan Fritsch <sf@sfritsch.de> ---
(In reply to comment #3)
> Hmm, I've read through the code again and the fix consists of increasing the
> size of the (static) buffer holding a copy of the crypted password. I don't
> see why this size limit is necessary at all. Why not just do a
> straight-forward strcmp(crypt_pw, hash) at the end?

True, that's better. Fixed in

trunk: r1362241
1.5: r1362243
1.4: r1362244

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message