X-Git-Url: https://git.hcoop.net/hcoop/debian/courier-authlib.git/blobdiff_plain/64ff59baf3361c2591d52e52bdddabebfcd21e4c..8cefd203806dc3406799e37deeed619db0546535:/checkpassword.c diff --git a/checkpassword.c b/checkpassword.c index b71fe14..c6b9606 100644 --- a/checkpassword.c +++ b/checkpassword.c @@ -1,5 +1,5 @@ /* -** Copyright 1998 - 1999 Double Precision, Inc. See COPYING for +** Copyright 1998 - 2008 Double Precision, Inc. See COPYING for ** distribution information. */ @@ -16,7 +16,6 @@ #include "auth.h" #include "courierauthdebug.h" -static const char rcsid[]="$Id: checkpassword.c,v 1.16 2007/10/07 02:50:45 mrsam Exp $"; #if HAVE_CRYPT #if NEED_CRYPT_PROTOTYPE @@ -24,30 +23,30 @@ extern char *crypt(const char *, const char *); #endif #endif -#if HAVE_MD5LIB extern int authcheckpasswordmd5(const char *, const char *); -#endif - -#if HAVE_SHA1LIB extern int authcheckpasswordsha1(const char *, const char *); -#endif + +static int safe_strcmp(const char *a, const char *nullable_b) +{ + if (!nullable_b) + return -1; + return strcmp(a, nullable_b); +} static int do_authcheckpassword(const char *password, const char *encrypted_password) { -#if HAVE_MD5LIB if (strncmp(encrypted_password, "$1$", 3) == 0 || strncasecmp(encrypted_password, "{MD5}", 5) == 0 || strncasecmp(encrypted_password, "{MD5RAW}", 8) == 0 ) return (authcheckpasswordmd5(password, encrypted_password)); -#endif -#if HAVE_SHA1LIB if (strncasecmp(encrypted_password, "{SHA}", 5) == 0 || - strncasecmp(encrypted_password, "{SHA256}", 8) == 0 - ) + strncasecmp(encrypted_password, "{SHA256}", 8) == 0 || + strncasecmp(encrypted_password, "{SHA512}", 8) == 0 || + strncasecmp(encrypted_password, "{SSHA}", 6) == 0) return (authcheckpasswordsha1(password, encrypted_password)); -#endif + #if HAVE_CRYPT if (strncasecmp(encrypted_password, "{CRYPT}", 7) == 0) 
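Review bot: The new safe_strcmp() still delegates to strcmp(), which stops at the first differing byte, so the comparison time depends on how much of the stored value matches. That matters most for the non-crypt fallback in the later hunk at `@@ -56,10 +55,10 @@`, where the stored value is compared with the submitted password directly. A fixed-time comparison, as sketched below, removes that signal while keeping the NULL check. The helper also deserves a short comment saying that the NULL case exists because crypt() can return NULL on failure and that this is deliberately treated as a mismatch. The sketch returns only 0 or -1, so it assumes callers test for zero rather than for ordering; those callers are outside this diff, as is the rest of do_authcheckpassword past the end of this hunk.

```c
static int safe_strcmp(const char *a, const char *nullable_b)
{
	size_t la, lb, i;
	unsigned char diff = 0;

	/* crypt() may return NULL on failure; fail closed as a mismatch. */
	if (!nullable_b)
		return -1;

	la = strlen(a);
	lb = strlen(nullable_b);
	if (la != lb)
		return -1;	/* only the length is revealed, not the content */

	/* Accumulate differences over the full length, no early exit. */
	for (i = 0; i < la; i++)
		diff |= (unsigned char)a[i] ^ (unsigned char)nullable_b[i];

	return diff ? -1 : 0;
}
```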
@@ -56,10 +55,10 @@ static int do_authcheckpassword(const char *password, const char *encrypted_pass
 return (
 #if HAVE_CRYPT
- strcmp(encrypted_password,
- crypt(password, encrypted_password))
+ safe_strcmp(encrypted_password,
+ crypt(password, encrypted_password))
 #else
- strcmp(encrypted_password, password)
+ safe_strcmp(encrypted_password, password)
 #endif
 );
 }
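Review bot: A NULL return from crypt() in the `#if HAVE_CRYPT` branch now becomes a silent mismatch that cannot be told apart from a wrong password. An account whose stored hash uses a scheme or salt the local crypt() rejects will therefore fail every login with nothing in the logs to explain it. Keeping the result in a local and reporting the NULL case through the debug facility from the already included courierauthdebug.h would make this diagnosable, provided the message contains neither the password nor the stored hash. A comment on the `#else` branch should also state that a build without crypt() compares the stored value with the cleartext password, which implies plaintext storage for entries that reach this fallthrough. do_authcheckpassword begins outside this hunk.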