[dovecot-cvs] dovecot/src/auth db-passwd-file.c,1.23,1.24

cras at dovecot.org cras at dovecot.org
Fri Mar 31 18:02:39 EEST 2006 

Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv4131

Modified Files:
	db-passwd-file.c 
Log Message:
Don't break if password contains '[' characters.



Index: db-passwd-file.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-passwd-file.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- db-passwd-file.c	25 Mar 2006 10:19:10 -0000	1.23
+++ db-passwd-file.c	31 Mar 2006 15:02:37 -0000	1.24
@@ -25,8 +25,9 @@
 {
 	/* args = uid, gid, user info, home dir, shell, extra_fields */
 	struct passwd_user *pu;
-	const char *p, *extra_fields = NULL;
+	const char *extra_fields = NULL;
 	char *user;
+	size_t len;
 
 	if (hash_lookup(pw->users, username) != NULL) {
 		i_error("passwd-file %s: User %s exists more than once",
@@ -37,18 +38,19 @@
 	pu = p_new(pw->pool, struct passwd_user, 1);
 	user = p_strdup(pw->pool, username);
 
-	p = pass == NULL ? NULL : strchr(pass, '[');
-	if (p == NULL) {
-		pu->password = p_strdup(pw->pool, pass);
-	} else {
+	len = strlen(pass);
+	if (pass[0] != '{' && pass[0] != '$' &&
+	    len > 4 && pass[len-1] == ']' && pass[len-4] == '[') {
 		/* password[type] - we're being libpam-pwdfile compatible
 		   here. it uses 13 = DES and 34 = MD5. For backwards
 		   comaptibility with ourself, we have also 56 = Digest-MD5. */
-		pass = t_strdup_until(pass, p);
-		if (p[1] == '3' && p[2] == '4') {
+		int num = (pass[len-3] - '0') * 10 + (pass[len-2] - '0');
+
+		pass = t_strndup(pass, len-4);
+		if (num == 34) {
 			pu->password = p_strconcat(pw->pool, "{PLAIN-MD5}",
 						   pass, NULL);
-		} else if (p[1] == '5' && p[2] == '6') {
+		} else if (num == 56) {
 			pu->password = p_strconcat(pw->pool, "{DIGEST-MD5}",
 						   pass, NULL);
 			if (strlen(pu->password) != 32 + 12) {
@@ -61,6 +63,8 @@
 			pu->password = p_strconcat(pw->pool, "{CRYPT}",
 						   pass, NULL);
 		}
+	} else {
+		pu->password = p_strdup(pw->pool, pass);
 	}
 
 	if (*args != NULL && **args != '\0') {

More information about the dovecot-cvs mailing list