authormillert <millert@openbsd.org>2015-10-30 16:38:55 +0000
committermillert <millert@openbsd.org>2015-10-30 16:38:55 +0000
commit62c892f7a4f5aa377ae61215672e1972ce091bc7 (patch)
tree29f512923e6204e933610b7136eac6ac9a4eb487
parentprint unsigned ints with %u, not %d. Reported by Pascal Cuoq. (diff)
downloadwireguard-openbsd-62c892f7a4f5aa377ae61215672e1972ce091bc7.tar.xz
wireguard-openbsd-62c892f7a4f5aa377ae61215672e1972ce091bc7.zip
Use crypt_checkpass() instead of strcmp(hash, crypt(password, hash)).
Fixes a crash in pserver mode when CVSROOT/passwd contains an old DES password.
-rw-r--r--gnu/usr.bin/cvs/src/server.c10
1 files changed, 3 insertions, 7 deletions
diff --git a/gnu/usr.bin/cvs/src/server.c b/gnu/usr.bin/cvs/src/server.c
index 91afd17918d..dee5b5d36ea 100644
--- a/gnu/usr.bin/cvs/src/server.c
+++ b/gnu/usr.bin/cvs/src/server.c
@@ -5530,8 +5530,6 @@ error 0 %s: no such user\n", username);
#ifdef AUTH_SERVER_SUPPORT
-extern char *crypt PROTO((const char *, const char *));
-
/*
* 0 means no entry found for this user.
@@ -5658,10 +5656,9 @@ check_repository_password (username, password, repository, host_user_ptr)
if (host_user_tmp == NULL)
host_user_tmp = username;
- /* Verify blank passwords directly, otherwise use crypt(). */
+ /* Verify blank passwords directly, otherwise use crypt_checkpass(). */
if ((found_password == NULL)
- || ((strcmp (found_password, crypt (password, found_password))
- == 0)))
+ || (crypt_checkpass (password, found_password) == 0))
{
/* Give host_user_ptr permanent storage. */
*host_user_ptr = xstrdup (host_user_tmp);
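Review bot: The `found_password == NULL` arm of this condition accepts the login without consulting `password` at all, so the retained wording "Verify blank passwords directly" is misleading. Presumably NULL means the CVSROOT/passwd entry has no password field; if so, I would reword the comment to `/* No password field for this user: accept without checking. Otherwise use crypt_checkpass(). */`. It is also worth a one-line comment that crypt_checkpass() returns non-zero for a hash format it does not handle. The old DES entries named in the commit message will therefore be rejected exactly like a wrong password, and administrators need to re-hash them. check_repository_password begins and ends outside this hunk, so whether a rejected login is logged with enough detail to tell the two cases apart cannot be seen here.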
@@ -5754,8 +5751,7 @@ error 0 %s: no such user\n", username);
if (*found_passwd)
{
/* user exists and has a password */
- host_user = ((! strcmp (found_passwd,
- crypt (password, found_passwd)))
+ host_user = ((! crypt_checkpass (password, found_passwd))
? xstrdup (username) : NULL);
goto handle_return;
}
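Review bot: `! crypt_checkpass (password, found_passwd)` reads as "the check failed" even though 0 is the success value, and it differs from the `== 0` spelling the same commit uses in check_repository_password. On an authentication decision the explicit form is easier to audit, so I would write `host_user = ((crypt_checkpass (password, found_passwd) == 0)` and keep the `? xstrdup (username) : NULL);` line as is. The enclosing function starts and ends outside this hunk.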