From 9cb6714040739c9c1ec6917f3fccb0222b654ea3 Mon Sep 17 00:00:00 2001
From: Per Cederqvist <ceder@lysator.liu.se>
Date: Thu, 12 Sep 1991 16:35:15 +0000
Subject: [PATCH] Fixed crypted password checking.

---
 src/server/person.c | 43 +++++++++++++++++++++++++++++++++++--------
 1 file changed, 35 insertions(+), 8 deletions(-)

diff --git a/src/server/person.c b/src/server/person.c
index a90fad78b..d791bea61 100644
--- a/src/server/person.c
+++ b/src/server/person.c
@@ -4,7 +4,7 @@
  * All atomic calls that deals with persons.
  */
 
-static char *rcsid = "$Id: person.c,v 0.8 1991/09/11 23:03:48 ceder Exp $";
+static char *rcsid = "$Id: person.c,v 0.9 1991/09/12 16:35:15 ceder Exp $";
 
 #include <m-config.h>
 #include <time.h>
@@ -26,13 +26,21 @@ static char *rcsid = "$Id: person.c,v 0.8 1991/09/11 23:03:48 ceder Exp $";
 #include "connections.h"
 #include "send-async.h"
 #include <debug.h>
+
 /*
  * Static functions.
  */
+
 static Bool
 legal_passwd(const String pwd)
 {
-    return TRUE;		/* ??? */
+    int i;
+
+    for (i = 0; i < s_strlen(pwd); i++)
+	if (pwd.string[i] == '\0')
+	    return FALSE;
+
+    return TRUE; 
 }
 
 static Success
@@ -43,6 +51,7 @@ do_set_passwd( Password        pwd,
     char salt[3];
     static char crypt_seed[] = ("abcdefghijklmnopqrstuvwxyz"
 				"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./");
+    char *password;
 
     if ( !legal_passwd(new_pwd) )
 	return FAILURE;
@@ -50,8 +59,16 @@ do_set_passwd( Password        pwd,
     salt[0] = crypt_seed [rand() % sizeof (crypt_seed)];
     salt[1] = crypt_seed [rand() % sizeof (crypt_seed)];
     salt[2] = '\0';
-    
-    strcpy((char *)pwd, (const char *)crypt((char *)new_pwd.string, salt));
+
+    password = s_crea_c_str(new_pwd);
+    if (password == NULL)
+	return FAILURE;
+    else
+    {
+	strcpy((char *)pwd, (const char *)crypt(password, salt));
+	sfree(password);
+	return OK;
+    }
 
 #else
 
@@ -63,9 +80,9 @@ do_set_passwd( Password        pwd,
     strncpy(pwd, (const char *)new_pwd.string,
 	    min( PASSWD_LEN-1, new_pwd.len ));
 
-#endif
-
     return OK;
+
+#endif
 }
 
 
@@ -307,13 +324,23 @@ chk_passwd (Password      pwd,
 	    const String  try)
 {
 #ifdef ENCRYPT_PASSWORDS
+    char *c_try;
 
+    c_try = s_crea_c_str(try);
+    if (c_try == NULL)
+	return FAILURE;
+    
     if (strcmp ((const char *)pwd,
-		(const char *)crypt((const char *)&try.string[2],
-				    (const char *)try.string))) 
+		(const char *)crypt(c_try, (const char *)pwd)) != 0)
+    {
+	sfree(c_try);
 	return FAILURE;
+    }
     else
+    {
+	sfree(c_try);
 	return OK;
+    }
 
 #else
 
-- 
GitLab