]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1a87988)
auth: If MD5 scheme can't decode the password log an error.
authorTimo Sirainen <tss@iki.fi>
Tue, 30 Dec 2008 23:49:50 +0000 (01:49 +0200)
committerTimo Sirainen <tss@iki.fi>
Tue, 30 Dec 2008 23:49:50 +0000 (01:49 +0200)
--HG--
branch : HEAD

src/auth/password-scheme.c patch | blob | blame | history

diff --git a/src/auth/password-scheme.c b/src/auth/password-scheme.c
index 46f17599a6596d3cb10fea70dcc64d52f6743fd5..2a0dca42c3584456384e3ac139527d03e58f7e2f 100644 (file)
--- a/src/auth/password-scheme.c
+++ b/src/auth/password-scheme.c
@@ -296,11 +296,12 @@ md5_verify(const char *plaintext, const char *user,
                /* MD5-CRYPT */
                str = password_generate_md5_crypt(plaintext, password);
                return strcmp(str, password) == 0;
+       } else if (password_decode(password, "PLAIN-MD5",
+                                  &md5_password, &md5_size) < 0) {
+               i_error("md5_verify(%s): Not a valid MD5-CRYPT or "
+                       "PLAIN-MD5 password", user);
+               return FALSE;
        } else {
-               if (password_decode(password, "PLAIN-MD5",
-                                   &md5_password, &md5_size) < 0)
-                       return FALSE;
-
                return password_verify(plaintext, user, "PLAIN-MD5",
                                       md5_password, md5_size) > 0;
        }
Mirror of https://github.com/dovecot/core.git