Mercurial > dovecot > original-hg > dovecot-1.2
changeset 9070:b57a14e489b3 HEAD
auth: Handle crypt() failing.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Thu, 21 May 2009 12:46:17 -0400 |
| parents | aedec88c6e31 |
| children | 106e4e3dccbc |
| files | src/auth/password-scheme.c |
| diffstat | 1 files changed, 9 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/password-scheme.c Wed May 20 22:53:22 2009 -0400 +++ b/src/auth/password-scheme.c Thu May 21 12:46:17 2009 -0400 @@ -255,7 +255,7 @@ crypt_verify(const char *plaintext, const char *user ATTR_UNUSED, const unsigned char *raw_password, size_t size) { - const char *password; + const char *password, *crypted; if (size == 0) { /* the default mycrypt() handler would return match */ @@ -263,7 +263,14 @@ } password = t_strndup(raw_password, size); - return strcmp(mycrypt(plaintext, password), password) == 0; + crypted = mycrypt(plaintext, password); + if (crypted == NULL) { + /* really shouldn't happen unless the system is broken */ + i_error("crypt() failed: %m"); + return FALSE; + } + + return strcmp(crypted, password) == 0; } static void