ITS#2662: NS_MTA-MD5 hash check fix

author Kurt Zeilenga <kurt@openldap.org>

Sat, 9 Aug 2003 18:47:16 +0000 (18:47 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Sat, 9 Aug 2003 18:47:16 +0000 (18:47 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Sat, 9 Aug 2003 18:47:16 +0000 (18:47 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Sat, 9 Aug 2003 18:47:16 +0000 (18:47 +0000)
diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c

index f150cdf37b40fb319c9269f9355ef86c32195260..90395922501728fe201f67fb67e2e70c759020cb 100644 (file)
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -646,9 +646,13 @@ static int chk_ns_mta_md5(
  {
         lutil_MD5_CTX MD5context;
         unsigned char MD5digest[LUTIL_MD5_BYTES], c;
-       char buffer[LUTIL_MD5_BYTES + LUTIL_MD5_BYTES + 1];
+       char buffer[LUTIL_MD5_BYTES*2];
         int i;
  
+       if( passwd.bv_len != LUTIL_MD5_BYTES*2 ) {
+               return 1;
+       }
+
         /* hash credentials with salt */
         lutil_MD5Init(&MD5context);
         lutil_MD5Update(&MD5context,
@@ -681,8 +685,8 @@ static int chk_ns_mta_md5(
         }
  
         /* compare */
-       return memcmp((char *)passwd->bv_val, (char *)buffer, sizeof(buffer))
-               ? 1 : 0;
+       return memcmp((char *)passwd->bv_val,
+               (char *)buffer, sizeof(buffer)) ? 1 : 0;
  }
  #endif
author	Kurt Zeilenga <kurt@openldap.org>
	Sat, 9 Aug 2003 18:47:16 +0000 (18:47 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Sat, 9 Aug 2003 18:47:16 +0000 (18:47 +0000)