httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r829355 - /httpd/httpd/trunk/support/htpasswd.c
Date Sat, 24 Oct 2009 12:39:42 GMT
Author: sf
Date: Sat Oct 24 12:39:41 2009
New Revision: 829355

URL: http://svn.apache.org/viewvc?rev=829355&view=rev
Log:
Verify that password has been truncated before printing a warning.

Modified:
    httpd/httpd/trunk/support/htpasswd.c

Modified: httpd/httpd/trunk/support/htpasswd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htpasswd.c?rev=829355&r1=829354&r2=829355&view=diff
==============================================================================
--- httpd/httpd/trunk/support/htpasswd.c (original)
+++ httpd/httpd/trunk/support/htpasswd.c Sat Oct 24 12:39:41 2009
@@ -186,10 +186,6 @@
         pw = pwin;
         memset(pwv, '\0', sizeof(pwin));
     }
-    if (alg == ALG_CRYPT && strlen(pw) > 8) {
-        apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
-                        "by CRYPT algorithm." NL);
-    }
     switch (alg) {
 
     case ALG_APSHA:
@@ -223,6 +219,15 @@
         salt[8] = '\0';
 
         apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
+        if (strlen(pw) > 8) {
+            char *truncpw = strdup(pw);
+            truncpw[8] = '\0';
+            if (!strcmp(cpw, crypt(pw, salt))) {
+                apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
+                                "by CRYPT algorithm." NL);
+            }
+            free(truncpw);
+        }
         break;
 #endif
     }



Mime
View raw message