mirror of
git://slackware.nl/current.git
synced 2025-01-17 18:12:36 +01:00
54 lines
1.9 KiB
Diff
54 lines
1.9 KiB
Diff
|
--- cvs-1.11.23/src/server.c.orig 2013-05-17
|
||
|
+++ cvs-1.11.23/src/server.c 2013-05-22
|
||
|
@@ -5632,9 +5632,11 @@ check_repository_password (username, pas
|
||
|
host_user_tmp = username;
|
||
|
|
||
|
/* Verify blank passwords directly, otherwise use crypt(). */
|
||
|
+ char *crypt_passwd = found_password ? crypt (password, found_password): NULL;
|
||
|
if ((found_password == NULL)
|
||
|
- || ((strcmp (found_password, crypt (password, found_password))
|
||
|
- == 0)))
|
||
|
+ || (crypt_passwd != NULL
|
||
|
+ && (strcmp (found_password, crypt_passwd)
|
||
|
+ == 0)))
|
||
|
{
|
||
|
/* Give host_user_ptr permanent storage. */
|
||
|
*host_user_ptr = xstrdup (host_user_tmp);
|
||
|
@@ -5645,7 +5647,7 @@ check_repository_password (username, pas
|
||
|
#ifdef LOG_AUTHPRIV
|
||
|
syslog (LOG_AUTHPRIV | LOG_NOTICE,
|
||
|
"password mismatch for %s in %s: %s vs. %s", username,
|
||
|
- repository, crypt(password, found_password), found_password);
|
||
|
+ repository, crypt_passwd, found_password);
|
||
|
#endif
|
||
|
*host_user_ptr = NULL;
|
||
|
retval = 2;
|
||
|
@@ -5675,6 +5677,7 @@ check_password (username, password, repo
|
||
|
char *host_user = NULL;
|
||
|
char *found_passwd = NULL;
|
||
|
struct passwd *pw;
|
||
|
+ char *crypt_passwd = NULL;
|
||
|
|
||
|
/* First we see if this user has a password in the CVS-specific
|
||
|
password file. If so, that's enough to authenticate with. If
|
||
|
@@ -5752,7 +5755,9 @@ error 0 %s: no such user\n", username);
|
||
|
if (*found_passwd)
|
||
|
{
|
||
|
/* user exists and has a password */
|
||
|
- if (strcmp (found_passwd, crypt (password, found_passwd)) == 0)
|
||
|
+ crypt_passwd = crypt (password, found_passwd);
|
||
|
+ if ((crypt_passwd != NULL) &&
|
||
|
+ (strcmp (found_passwd, crypt_passwd) == 0))
|
||
|
{
|
||
|
host_user = xstrdup (username);
|
||
|
}
|
||
|
@@ -5762,7 +5767,7 @@ error 0 %s: no such user\n", username);
|
||
|
#ifdef LOG_AUTHPRIV
|
||
|
syslog (LOG_AUTHPRIV | LOG_NOTICE,
|
||
|
"password mismatch for %s: %s vs. %s", username,
|
||
|
- crypt(password, found_passwd), found_passwd);
|
||
|
+ crypt_passwd, found_passwd);
|
||
|
#endif
|
||
|
}
|
||
|
goto handle_return;
|