mirror of
https://git.freebsd.org/ports.git
synced 2025-06-07 22:00:31 -04:00
9eff14e488
- login_disabled option before starttls for pop3 - fix compiler warnings for GCC5 - Fix IMAP mailbox maintanence - prevent assertion in p_string_erase - improve crypt authentication, also don't segfault when spasswd is empty - simplify log_query_time duration logic - Disconnect IMAP clients if only few free FDs left - Add primary key constraint to dbmail_authlog - Rework temporary connection failures - Give sensible default for retry 120s - Add retries for binding and searching - Bump search timeout to 60s - Increase ldap timeout to 600s 10 mins - Refactor deprecated functions - Get timeout from config - Remove redundant event_assign - Remove deprecated non functioning g_mem_profile - Add definition for authldap_free - Revert inadvertent event_assign removal - Reduce failed LDAP connection for search to error - Update LDAP to non deprecated search - Clear the ldap connection - Update ldap deprecated unbind - Fix typo - Update to ldap_unbind_ext_s and remove redundant sigaction - Rebalance commit rollback - Ensure mailbox2dbmail is using Python 2 - Tidy mailbox2dbmail man page - Update description of pid file location in server man page - Boundaries fixups ordering of parts do not add newline on - Prepend headers during delivery - Allow for systems that don't use proc PR: 210274 Submitted by: fluffy
38 lines
1.3 KiB
Text
38 lines
1.3 KiB
Text
From b4b82aca1dd1c8aece722b8370da02b715e4bb53 Mon Sep 17 00:00:00 2001
|
|
From: Paul J Stevens <p.stevens@lukkien.com>
|
|
Date: Wed, 10 Feb 2016 09:14:41 +0100
|
|
Subject: [PATCH 05/33] improve crypt authentication
|
|
|
|
also don't segfault when spasswd is empty
|
|
---
|
|
src/dm_db.c | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
diff --git src/dm_db.c src/dm_db.c
|
|
index 313b33f..bfe9601 100644
|
|
--- src/dm_db.c
|
|
+++ src/dm_db.c
|
|
@@ -3687,6 +3687,10 @@ int db_user_validate(ClientBase_T *ci, const char *pwfield, uint64_t *user_idnr,
|
|
return t;
|
|
|
|
if (! t) return FALSE;
|
|
+ if (! strlen(dbpass)) {
|
|
+ TRACE(TRACE_INFO, "Empty password for [%" PRIu64 "] in [%s]", *user_idnr, pwfield);
|
|
+ return FALSE;
|
|
+ }
|
|
|
|
if (SMATCH(encode, "")) {
|
|
TRACE(TRACE_DEBUG, "validating using plaintext passwords");
|
|
@@ -3699,7 +3703,8 @@ int db_user_validate(ClientBase_T *ci, const char *pwfield, uint64_t *user_idnr,
|
|
|
|
if (SMATCH(encode, "crypt")) {
|
|
TRACE(TRACE_DEBUG, "validating using crypt() encryption");
|
|
- is_validated = (strcmp((const char *) crypt(password, dbpass), dbpass) == 0) ? 1 : 0;
|
|
+ strncpy(salt, dbpass, 2);
|
|
+ is_validated = (strcmp((const char *) crypt(password, salt), dbpass) == 0) ? 1 : 0;
|
|
} else if (SMATCH(encode, "md5")) {
|
|
/* get password */
|
|
if (strncmp(dbpass, "$1$", 3)) { // no match
|
|
--
|
|
2.10.1 (Apple Git-78)
|
|
|