From: dkl%redhat.com <>
Date: Fri, 12 Sep 2008 20:10:11 +0000 (+0000)
Subject: Bug 453767 -  Passwords containing wide characters causes system error
X-Git-Tag: bugzilla-3.3.1~165
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac1f49a8d936a91831162bafda0dd7236ee95108;p=thirdparty%2Fbugzilla.git

Bug 453767 -  Passwords containing wide characters causes system error
Patch by David Lawrence <dkl@redhat.com> - a/r=mkanat
---

diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index 88ad78d544..f2c008dbf1 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -53,6 +53,11 @@ sub check_credentials {
         "SELECT cryptpassword FROM profiles WHERE userid = ?",
         undef, $user_id);
 
+    # Wide characters cause crypt to die
+    if (Bugzilla->params->{'utf8'}) {
+        utf8::encode($password) if utf8::is_utf8($password);
+    }
+
     # Using the internal crypted password as the salt,
     # crypt the password the user entered.
     my $entered_password_crypted = crypt($password, $real_password_crypted);
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 9ff810b4f4..defa152708 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -480,6 +480,11 @@ sub bz_crypt {
         $salt .= $saltchars[rand(64)];
     }
 
+    # Wide characters cause crypt to die
+    if (Bugzilla->params->{'utf8'}) {
+        utf8::encode($password) if utf8::is_utf8($password);
+    }
+    
     # Crypt the password.
     my $cryptedpassword = crypt($password, $salt);
 
diff --git a/userprefs.cgi b/userprefs.cgi
index 3ccfe820a9..24a6a56998 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -90,8 +90,14 @@ sub SaveAccount {
                         undef, $user->id);
         $oldcryptedpwd || ThrowCodeError("unable_to_retrieve_password");
 
-        if (crypt(scalar($cgi->param('Bugzilla_password')), $oldcryptedpwd) ne 
-                  $oldcryptedpwd) 
+        my $oldpassword = $cgi->param('Bugzilla_password');
+
+        # Wide characters cause crypt to die
+        if (Bugzilla->params->{'utf8'}) {
+            utf8::encode($oldpassword) if utf8::is_utf8($oldpassword);
+        } 
+
+        if (crypt($oldpassword, $oldcryptedpwd) ne $oldcryptedpwd) 
         {
             ThrowUserError("old_password_incorrect");
         }