From: Timo Sirainen <tss@iki.fi>
Date: Tue, 30 Dec 2008 23:49:50 +0000 (+0200)
Subject: auth: If MD5 scheme can't decode the password log an error.
X-Git-Tag: 1.2.beta1~157
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b03dffa5d7122d52a7ed8870d381ce4d2ccc090a;p=thirdparty%2Fdovecot%2Fcore.git

auth: If MD5 scheme can't decode the password log an error.

--HG--
branch : HEAD
---

diff --git a/src/auth/password-scheme.c b/src/auth/password-scheme.c
index 46f17599a6..2a0dca42c3 100644
--- a/src/auth/password-scheme.c
+++ b/src/auth/password-scheme.c
@@ -296,11 +296,12 @@ md5_verify(const char *plaintext, const char *user,
 		/* MD5-CRYPT */
 		str = password_generate_md5_crypt(plaintext, password);
 		return strcmp(str, password) == 0;
+	} else if (password_decode(password, "PLAIN-MD5",
+				   &md5_password, &md5_size) < 0) {
+		i_error("md5_verify(%s): Not a valid MD5-CRYPT or "
+			"PLAIN-MD5 password", user);
+		return FALSE;
 	} else {
-		if (password_decode(password, "PLAIN-MD5",
-				    &md5_password, &md5_size) < 0)
-			return FALSE;
-
 		return password_verify(plaintext, user, "PLAIN-MD5",
 				       md5_password, md5_size) > 0;
 	}