X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Fliblutil%2Fpasswd.c;h=f16b49a2bc3f9d79f9b8717f175e3b8646458728;hb=f3648ea812ea7327e88217cdeb8def360aa012ad;hp=7f133a8367a2d3e63057124f3663e2bb328f92a1;hpb=a0f646860d698ca8d535660e650c840e3c71b2c2;p=openldap
diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index 7f133a8367..f16b49a2bc 100644
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -459,9 +459,8 @@ static int chk_ssha1(
 int rc;
 unsigned char *orig_pass = NULL;
- /* safety check */
- if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <
- sizeof(SHA1digest)+SALT_SIZE) {
+ /* safety check -- must have some salt */
+ if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(SHA1digest)) {
 return LUTIL_PASSWD_ERR;
 }
@@ -473,7 +472,8 @@ static int chk_ssha1(
 rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
- if (rc < (int)(sizeof(SHA1digest)+SALT_SIZE)) {
+ /* safety check -- must have some salt */
+ if (rc <= (int)(sizeof(SHA1digest))) {
 ber_memfree(orig_pass);
 return LUTIL_PASSWD_ERR;
 }
@@ -547,8 +547,7 @@ static int chk_smd5(
 unsigned char *orig_pass = NULL;
 /* safety check */
- if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <
- sizeof(MD5digest)+SALT_SIZE) {
+ if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(MD5digest)) {
 return LUTIL_PASSWD_ERR;
 }
@@ -560,7 +559,7 @@ static int chk_smd5(
 rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
- if (rc < (int)(sizeof(MD5digest)+SALT_SIZE)) {
+ if (rc <= (int)(sizeof(MD5digest))) {
 ber_memfree(orig_pass);
 return LUTIL_PASSWD_ERR;
 }
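Review bot: In the `@@ -473,7 +472,8 @@` hunk of chk_ssha1, the relaxed check `rc <= (int)(sizeof(SHA1digest))` now accepts a decoded value whose salt is shorter than SALT_SIZE, so the code that follows must take the salt length from the decode result rather than from the constant. That hashing and compare code is outside the hunk; if it still consumes SALT_SIZE bytes after the digest in `orig_pass`, a short salt would make it read past the decoded data. The salt length should be derived as `rc - sizeof(SHA1digest)`. The same applies to chk_smd5 in the `@@ -560,7 +559,7 @@` hunk, with `rc - sizeof(MD5digest)`. Both function bodies begin and end outside their hunks.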
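Review bot: The chk_smd5 checks are left without the explanation that chk_ssha1 received. The `@@ -547,8 +547,7 @@` hunk keeps the bare `/* safety check */`, and the `@@ -560,7 +559,7 @@` hunk has no comment at all on `rc <= (int)(sizeof(MD5digest))`. Both should carry `/* safety check -- must have some salt */`, so that the `<=` reads as intentional (a bare digest is rejected, any non-empty salt is accepted) rather than as an off-by-one. Since SALT_SIZE no longer appears in any of the four checks, the comment could also say that verification accepts salts of any non-zero length.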