From: Stefan Fritsch <sf@apache.org>
Date: Sat, 24 Oct 2009 12:39:41 +0000 (+0000)
Subject: Verify that password has been truncated before printing a warning.
X-Git-Tag: 2.3.3~136
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7d0f95eec956a7e199052253206318fce2281407;p=apache

Verify that password has been truncated before printing a warning.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@829355 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/support/htpasswd.c b/support/htpasswd.c
index c8cac25611..20c616d382 100644
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -186,10 +186,6 @@ static int mkrecord(char *user, char *record, apr_size_t rlen, char *passwd,
         pw = pwin;
         memset(pwv, '\0', sizeof(pwin));
     }
-    if (alg == ALG_CRYPT && strlen(pw) > 8) {
-        apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
-                        "by CRYPT algorithm." NL);
-    }
     switch (alg) {
 
     case ALG_APSHA:
@@ -223,6 +219,15 @@ static int mkrecord(char *user, char *record, apr_size_t rlen, char *passwd,
         salt[8] = '\0';
 
         apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
+        if (strlen(pw) > 8) {
+            char *truncpw = strdup(pw);
+            truncpw[8] = '\0';
+            if (!strcmp(cpw, crypt(pw, salt))) {
+                apr_file_printf(errfile, "Warning: Password truncated to 8 characters "
+                                "by CRYPT algorithm." NL);
+            }
+            free(truncpw);
+        }
         break;
 #endif
     }