Import Debian changes 0.69.0-2

[hcoop/debian/courier-authlib.git] / checkpassword.c

diff --git a/checkpassword.c b/checkpassword.c
index 80acfd4..9f7896a 100644 (file)
--- a/checkpassword.c
+++ b/checkpassword.c
@@ -26,8 +26,16 @@ extern char *crypt(const char *, const char *);
 extern int authcheckpasswordmd5(const char *, const char *);
 extern int authcheckpasswordsha1(const char *, const char *);
 
+static int safe_strcmp(const char *a, const char *nullable_b)
+{
+       if (!nullable_b)
+               return -1;
+       return strcmp(a, nullable_b);
+}
+
 static int do_authcheckpassword(const char *password, const char *encrypted_password)
 {
+       char *cpass;
        if (strncmp(encrypted_password, "$1$", 3) == 0
            || strncasecmp(encrypted_password, "{MD5}", 5) == 0
            || strncasecmp(encrypted_password, "{MD5RAW}", 8) == 0
@@ -46,14 +54,17 @@ static int do_authcheckpassword(const char *password, const char *encrypted_pass
                encrypted_password += 7;
 #endif
 
-       return (
 #if    HAVE_CRYPT
-               strcmp(encrypted_password,
-                       crypt(password, encrypted_password))
+
+       cpass = crypt(password, encrypted_password);
+       if (cpass == NULL) {
+               return 1;
+       } else {
+               return safe_strcmp(encrypted_password, cpass);
+       }
 #else
-               strcmp(encrypted_password, password)
+       return safe_strcmp(encrypted_password, password)
 #endif
-                               );
 }
 
 int authcheckpassword(const char *password, const char *encrypted_password)