Mercurial > dovecot > core-2.2
diff src/auth/auth-request.c @ 4872:07bdc78ce38e HEAD
Don't crash if plain-md5, plain-md4 or sha1 password is invalid and we're
not using digest-md5 authentication..
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Sun, 03 Dec 2006 21:23:33 +0200 |
| parents | 679c9326741c |
| children | 4ec6a4def05b |
line wrap: on
line diff
--- a/src/auth/auth-request.c Sun Dec 03 20:56:58 2006 +0200 +++ b/src/auth/auth-request.c Sun Dec 03 21:23:33 2006 +0200 @@ -906,8 +906,12 @@ return 0; } + /* If original_username is set, use it. It may be important for some + password schemes (eg. digest-md5). Otherwise the username is used + only for logging purposes. */ ret = password_verify(plain_password, crypted_password, scheme, - request->original_username); + request->original_username != NULL ? + request->original_username : request->user); if (ret < 0) { auth_request_log_error(request, subsystem, "Unknown password scheme %s", scheme);