1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
--- Owl/packages/popa3d/popa3d/auth_passwd.c 2002/03/20 17:08:45 1.1
+++ Owl/packages/popa3d/popa3d/auth_passwd.c 2012/08/15 09:06:39 1.2
@@ -26,9 +26,11 @@ struct passwd *auth_userpass(char *user,
if (!pw || !*pw->pw_passwd ||
*pw->pw_passwd == '*' || *pw->pw_passwd == '!')
crypt(pass, AUTH_DUMMY_SALT);
- else
- if (!strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd))
- result = pw;
+ else {
+ char *hash = crypt(pass, pw->pw_passwd);
+ if (hash && !strcmp(hash, pw->pw_passwd))
+ result = pw;
+ }
if (pw)
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
--- Owl/packages/popa3d/popa3d/auth_shadow.c 2006/03/05 13:18:32 1.2
+++ Owl/packages/popa3d/popa3d/auth_shadow.c 2012/08/15 09:06:39 1.3
@@ -52,9 +52,11 @@ struct passwd *auth_userpass(char *user,
if (!(spw = getspnam(user)) || !pw || !*spw->sp_pwdp ||
*spw->sp_pwdp == '*' || *spw->sp_pwdp == '!')
crypt(pass, AUTH_DUMMY_SALT);
- else
- if (!strcmp(crypt(pass, spw->sp_pwdp), spw->sp_pwdp))
- result = 1;
+ else {
+ char *hash = crypt(pass, spw->sp_pwdp);
+ if (hash && !strcmp(hash, spw->sp_pwdp))
+ result = 1;
+ }
write(channel[1], &result, 1);
exit(0);
}
--- Owl/packages/popa3d/popa3d/virtual.c 2006/03/07 03:30:15 1.3
+++ Owl/packages/popa3d/popa3d/virtual.c 2012/08/15 09:06:39 1.4
@@ -175,8 +175,11 @@ struct passwd *virtual_userpass(char *us
endpwent();
result = NULL;
- if (!strcmp(crypt(pass, passwd), passwd) && !fail)
- result = pw;
+ {
+ char *computed_hash = crypt(pass, passwd);
+ if (computed_hash && !strcmp(computed_hash, passwd) && !fail)
+ result = pw;
+ }
memset(auth, 0, sizeof(auth));
|
