--- Owl/packages/popa3d/popa3d/auth_passwd.c 2002/03/20 17:08:45 1.1
+++ Owl/packages/popa3d/popa3d/auth_passwd.c 2012/08/15 09:06:39 1.2
@@ -26,9 +26,11 @@ struct passwd *auth_userpass(char *user,
if (!pw || !*pw->pw_passwd ||
*pw->pw_passwd == '*' || *pw->pw_passwd == '!')
crypt(pass, AUTH_DUMMY_SALT);
- else
- if (!strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd))
- result = pw;
+ else {
+ char *hash = crypt(pass, pw->pw_passwd);
+ if (hash && !strcmp(hash, pw->pw_passwd))
+ result = pw;
+ }
if (pw)
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
--- Owl/packages/popa3d/popa3d/auth_shadow.c 2006/03/05 13:18:32 1.2
+++ Owl/packages/popa3d/popa3d/auth_shadow.c 2012/08/15 09:06:39 1.3
@@ -52,9 +52,11 @@ struct passwd *auth_userpass(char *user,
if (!(spw = getspnam(user)) || !pw || !*spw->sp_pwdp ||
*spw->sp_pwdp == '*' || *spw->sp_pwdp == '!')
crypt(pass, AUTH_DUMMY_SALT);
- else
- if (!strcmp(crypt(pass, spw->sp_pwdp), spw->sp_pwdp))
- result = 1;
+ else {
+ char *hash = crypt(pass, spw->sp_pwdp);
+ if (hash && !strcmp(hash, spw->sp_pwdp))
+ result = 1;
+ }
write(channel[1], &result, 1);
exit(0);
}
--- Owl/packages/popa3d/popa3d/virtual.c 2006/03/07 03:30:15 1.3
+++ Owl/packages/popa3d/popa3d/virtual.c 2012/08/15 09:06:39 1.4
@@ -175,8 +175,11 @@ struct passwd *virtual_userpass(char *us
endpwent();
result = NULL;
- if (!strcmp(crypt(pass, passwd), passwd) && !fail)
- result = pw;
+ {
+ char *computed_hash = crypt(pass, passwd);
+ if (computed_hash && !strcmp(computed_hash, passwd) && !fail)
+ result = pw;
+ }
memset(auth, 0, sizeof(auth));
