From HEAD

[openldap] / libraries / liblutil / passwd.c

diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index 7f133a8367a2d3e63057124f3663e2bb328f92a1..f16b49a2bc3f9d79f9b8717f175e3b8646458728 100644 (file)
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -459,9 +459,8 @@ static int chk_ssha1(
        int rc;
        unsigned char *orig_pass = NULL;
 
-       /* safety check */
-       if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <
-               sizeof(SHA1digest)+SALT_SIZE) {
+       /* safety check -- must have some salt */
+       if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(SHA1digest)) {
                return LUTIL_PASSWD_ERR;
        }
 
@@ -473,7 +472,8 @@ static int chk_ssha1(
 
        rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
 
-       if (rc < (int)(sizeof(SHA1digest)+SALT_SIZE)) {
+       /* safety check -- must have some salt */
+       if (rc <= (int)(sizeof(SHA1digest))) {
                ber_memfree(orig_pass);
                return LUTIL_PASSWD_ERR;
        }
@@ -547,8 +547,7 @@ static int chk_smd5(
        unsigned char *orig_pass = NULL;
 
        /* safety check */
-       if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <
-               sizeof(MD5digest)+SALT_SIZE) {
+       if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(MD5digest)) {
                return LUTIL_PASSWD_ERR;
        }
 
@@ -560,7 +559,7 @@ static int chk_smd5(
 
        rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
 
-       if (rc < (int)(sizeof(MD5digest)+SALT_SIZE)) {
+       if (rc <= (int)(sizeof(MD5digest))) {
                ber_memfree(orig_pass);
                return LUTIL_PASSWD_ERR;
        }