On 10/24/2009 02:39 PM, [email protected] wrote:
> Author: sf
> Date: Sat Oct 24 12:39:41 2009
> New Revision: 829355
>
> URL: http://svn.apache.org/viewvc?rev=829355&view=rev
> Log:
> Verify that password has been truncated before printing a warning.
>
> Modified:
> httpd/httpd/trunk/support/htpasswd.c
>
> Modified: httpd/httpd/trunk/support/htpasswd.c
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htpasswd.c?rev=829355&r1=829354&r2=829355&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/support/htpasswd.c (original)
> +++ httpd/httpd/trunk/support/htpasswd.c Sat Oct 24 12:39:41 2009
> @@ -186,10 +186,6 @@
> pw = pwin;
> memset(pwv, '\0', sizeof(pwin));
> }
> - if (alg == ALG_CRYPT && strlen(pw) > 8) {
> - apr_file_printf(errfile, "Warning: Password truncated to 8
> characters "
> - "by CRYPT algorithm." NL);
> - }
> switch (alg) {
>
> case ALG_APSHA:
> @@ -223,6 +219,15 @@
> salt[8] = '\0';
>
> apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
> + if (strlen(pw) > 8) {
> + char *truncpw = strdup(pw);
> + truncpw[8] = '\0';
> + if (!strcmp(cpw, crypt(pw, salt))) {
I assume you want to do crypt(truncpw, salt) instead of crypt(pw, salt)
> + apr_file_printf(errfile, "Warning: Password truncated to 8
> characters "
> + "by CRYPT algorithm." NL);
> + }
> + free(truncpw);
> + }
> break;
> #endif
> }
> Regards RĂ¼diger
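Review bot: In the added `strlen(pw) > 8` branch, the result of `strdup(pw)` is used without a NULL check, so `truncpw[8] = '\0'` writes through a null pointer if the allocation fails, and the heap copy of the cleartext password is handed to `free()` without being cleared. Only nine bytes are needed, so a fixed buffer avoids both the allocation and the `free()`: `char truncpw[9];` then `apr_cpystrn(truncpw, pw, sizeof(truncpw));`, with `memset(truncpw, '\0', sizeof(truncpw));` after the comparison, matching how the context lines of the first hunk clear `pwv`. A plain `memset` on a buffer about to go out of scope may be removed by the optimizer, so a clearing call the compiler cannot elide would be preferable if one is available to this file. The return value of `crypt()` is also passed straight to `apr_cpystrn` and `strcmp`; if it can be NULL on this platform, that needs a guard. The enclosing function and its `switch` start outside the hunk.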
