From 8b229fb77149af93880e3232cbcf8ce25b250374 Mon Sep 17 00:00:00 2001
From: "dkl%redhat.com" <>
Date: Fri, 12 Sep 2008 20:12:18 +0000
Subject: [PATCH] Bug 453767 - Passwords containing wide characters causes system error Patch by David Lawrence - r/a=mkanat
---
 Bugzilla/Auth/Verify/DB.pm | 5 +++++
 Bugzilla/Util.pm | 5 +++++
 userprefs.cgi | 10 ++++++++--
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index 88ad78d544..f2c008dbf1 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -53,6 +53,11 @@ sub check_credentials {
 "SELECT cryptpassword FROM profiles WHERE userid = ?", undef, $user_id);
+ # Wide characters cause crypt to die
+ if (Bugzilla->params->{'utf8'}) {
+ utf8::encode($password) if utf8::is_utf8($password);
+ }
+
 # Using the internal crypted password as the salt,
 # crypt the password the user entered.
 my $entered_password_crypted = crypt($password, $real_password_crypted);
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 1e7dbf8d1b..0301969f64 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -474,6 +474,11 @@ sub bz_crypt {
 $salt .= $saltchars[rand(64)];
 }
+ # Wide characters cause crypt to die
+ if (Bugzilla->params->{'utf8'}) {
+ utf8::encode($password) if utf8::is_utf8($password);
+ }
+
 # Crypt the password.
 my $cryptedpassword = crypt($password, $salt);
diff --git a/userprefs.cgi b/userprefs.cgi
index b281fd2146..d73a61e549 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
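Review bot: In check_credentials (Bugzilla/Auth/Verify/DB.pm) the added `utf8::encode($password)` changes the bytes handed to crypt() for every UTF-8-flagged password, not only for the ones that used to die. A flagged password whose characters all fit in U+0080–U+00FF was previously downgraded by crypt() and hashed as single bytes; it is now hashed as multi-byte UTF-8, so a hash stored before this change would presumably stop verifying and the user is locked out until a reset. The same applies to the old-password check in SaveAccount (userprefs.cgi). I would either retry the comparison against the downgraded form when the first one fails, or at least record it above the block: `# NOTE: changes the hash input for flagged passwords with chars 0x80-0xFF; hashes stored earlier will not match`. The function body starts and ends outside this hunk, so how $password was decoded is not visible here.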
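Review bot: In bz_crypt (Bugzilla/Util.pm), encoding to UTF-8 before `crypt($password, $salt)` means the stored hash now covers bytes rather than characters, which matters if the platform's crypt() is the traditional DES variant that reads only the first 8 bytes. Non-ASCII characters take 2 to 4 bytes each, so a password written entirely in such characters could have as few as two characters contributing to the hash. Which algorithm crypt() selects is not visible in this hunk (the salt construction starts above it), so this is worth confirming and documenting next to the new block, e.g. `# On DES-only crypt() just the first 8 bytes are hashed; multi-byte characters shorten the effective password`.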
@@ -90,8 +90,14 @@ sub SaveAccount {
 undef, $user->id);
 $oldcryptedpwd || ThrowCodeError("unable_to_retrieve_password");
- if (crypt(scalar($cgi->param('Bugzilla_password')), $oldcryptedpwd) ne
- $oldcryptedpwd)
+ my $oldpassword = $cgi->param('Bugzilla_password');
+
+ # Wide characters cause crypt to die
+ if (Bugzilla->params->{'utf8'}) {
+ utf8::encode($oldpassword) if utf8::is_utf8($oldpassword);
+ }
+
+ if (crypt($oldpassword, $oldcryptedpwd) ne $oldcryptedpwd)
 {
 ThrowUserError("old_password_incorrect");
 }
--
2.47.2
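Review bot: This is the third copy of the `utf8::encode(...) if utf8::is_utf8(...)` guard (the others are in check_credentials and bz_crypt), and any crypt() call site that lacks it will still die on wide characters. Keeping the encoding in one helper would stop the three sites from drifting apart; for instance bz_crypt could take an optional salt so that this check becomes `if (bz_crypt($oldpassword, $oldcryptedpwd) ne $oldcryptedpwd)`. The `Bugzilla->params->{'utf8'}` condition also looks unnecessary, since `utf8::is_utf8` alone already decides whether encoding is needed, and with the parameter off a flagged wide-character string would still reach crypt() unencoded if one arrives. SaveAccount continues outside this hunk.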