
improve crypt authentication

also don't segfault when spasswd is empty
Paul J Stevens
Paul J Stevens committed Feb 10, 2016
1 parent 9b4bf84 commit 77fa6cbb77a0637bea84bd2bfa108e4497aca06d
Showing with 6 additions and 1 deletion.
  1. +6 −1 src/dm_db.c
@@ -3687,6 +3687,10 @@ int db_user_validate(ClientBase_T *ci, const char *pwfield, uint64_t *user_idnr,
return t;

if (! t) return FALSE;
if (! strlen(dbpass)) {
TRACE(TRACE_INFO, "Empty password for [%" PRIu64 "] in [%s]", *user_idnr, pwfield);
return FALSE;
}

if (SMATCH(encode, "")) {
TRACE(TRACE_DEBUG, "validating using plaintext passwords");
@@ -3699,7 +3703,8 @@ int db_user_validate(ClientBase_T *ci, const char *pwfield, uint64_t *user_idnr,

if (SMATCH(encode, "crypt")) {
TRACE(TRACE_DEBUG, "validating using crypt() encryption");
is_validated = (strcmp((const char *) crypt(password, dbpass), dbpass) == 0) ? 1 : 0;
strncpy(salt, dbpass, 2);
is_validated = (strcmp((const char *) crypt(password, salt), dbpass) == 0) ? 1 : 0;
} else if (SMATCH(encode, "md5")) {
/* get password */
if (strncmp(dbpass, "$1$", 3)) { // no match
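Review bot: In the crypt branch, copying only the first two bytes of `dbpass` into `salt` pins verification to the traditional two-character DES scheme, so a stored hash in modular `$id$salt$hash` form can no longer validate and only the first eight password characters are considered; this reading assumes the `strncpy`/`crypt(password, salt)` pair is the new side, since the page has lost its +/- markers. `crypt()` can also return NULL for a setting it does not support, and `strcmp` would then dereference it, which reintroduces the kind of crash the commit message sets out to avoid. `strncpy(salt, dbpass, 2)` does not terminate `salt` unless its declaration, which is outside the hunk, zero-initialises it. I would pass the stored hash as the setting and guard the result: `const char *h = crypt(password, dbpass);` followed by `is_validated = (h != NULL && strcmp(h, dbpass) == 0) ? 1 : 0;`. The body of `db_user_validate` starts and ends outside the visible hunks.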
