author | Muhammad Moinur Rahman <bofh@FreeBSD.org> | 2017-02-24 21:15:52 +0000 |
---|---|---|
committer | Muhammad Moinur Rahman <bofh@FreeBSD.org> | 2017-02-24 21:15:52 +0000 |
commit | 9eff14e4885b86d6f5a8b35c69ebaabd9e74df06 (patch) | |
tree | 443206cca0976456f3fd02dad4c4ebfe294c5904 /mail/dbmail/files/patch-0005-improve-crypt-authentication | |
parent | devel/py-pathlib2: add missing dependency (diff) |
mail/dbmail: adopt latest fixes from git:
- login_disabled option before starttls for pop3
- fix compiler warnings for GCC5
- Fix IMAP mailbox maintenance
- prevent assertion in p_string_erase
- improve crypt authentication, also don't segfault when spasswd is empty
- simplify log_query_time duration logic
- Disconnect IMAP clients if only few free FDs left
- Add primary key constraint to dbmail_authlog
- Rework temporary connection failures
- Give sensible default for retry 120s
- Add retries for binding and searching
- Bump search timeout to 60s
- Increase ldap timeout to 600s 10 mins
- Refactor deprecated functions
- Get timeout from config
- Remove redundant event_assign
- Remove deprecated non functioning g_mem_profile
- Add definition for authldap_free
- Revert inadvertent event_assign removal
- Reduce failed LDAP connection for search to error
- Update LDAP to non deprecated search
- Clear the ldap connection
- Update ldap deprecated unbind
- Fix typo
- Update to ldap_unbind_ext_s and remove redundant sigaction
- Rebalance commit rollback
- Ensure mailbox2dbmail is using Python 2
- Tidy mailbox2dbmail man page
- Update description of pid file location in server man page
- Boundaries fixups ordering of parts do not add newline on
- Prepend headers during delivery
- Allow for systems that don't use proc
PR: 210274
Submitted by: fluffy
Diffstat (limited to 'mail/dbmail/files/patch-0005-improve-crypt-authentication')
-rw-r--r-- | mail/dbmail/files/patch-0005-improve-crypt-authentication | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/mail/dbmail/files/patch-0005-improve-crypt-authentication b/mail/dbmail/files/patch-0005-improve-crypt-authentication
new file mode 100644
index 000000000000..953c2d89794b
--- /dev/null
+++ b/mail/dbmail/files/patch-0005-improve-crypt-authentication
@@ -0,0 +1,38 @@
+From b4b82aca1dd1c8aece722b8370da02b715e4bb53 Mon Sep 17 00:00:00 2001
+From: Paul J Stevens <p.stevens@lukkien.com>
+Date: Wed, 10 Feb 2016 09:14:41 +0100
+Subject: [PATCH 05/33] improve crypt authentication
+
+also don't segfault when spasswd is empty
+---
+ src/dm_db.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git src/dm_db.c src/dm_db.c
+index 313b33f..bfe9601 100644
+--- src/dm_db.c
++++ src/dm_db.c
+@@ -3687,6 +3687,10 @@ int db_user_validate(ClientBase_T *ci, const char *pwfield, uint64_t *user_idnr,
+ return t;
+
+ if (! t) return FALSE;
++ if (! strlen(dbpass)) {
++ TRACE(TRACE_INFO, "Empty password for [%" PRIu64 "] in [%s]", *user_idnr, pwfield);
++ return FALSE;
++ }
+
+ if (SMATCH(encode, "")) {
+ TRACE(TRACE_DEBUG, "validating using plaintext passwords");
+@@ -3699,7 +3703,8 @@ int db_user_validate(ClientBase_T *ci, const char *pwfield, uint64_t *user_idnr,
+
+ if (SMATCH(encode, "crypt")) {
+ TRACE(TRACE_DEBUG, "validating using crypt() encryption");
+- is_validated = (strcmp((const char *) crypt(password, dbpass), dbpass) == 0) ? 1 : 0;
++ strncpy(salt, dbpass, 2);
++ is_validated = (strcmp((const char *) crypt(password, salt), dbpass) == 0) ? 1 : 0;
+ } else if (SMATCH(encode, "md5")) {
+ /* get password */
+ if (strncmp(dbpass, "$1$", 3)) { // no match
+--
+2.10.1 (Apple Git-78)
+ |
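Review bot: In the crypt branch of db_user_validate, `strncpy(salt, dbpass, 2)` copies exactly two bytes and never writes a terminator; the declaration of `salt` is outside the hunk, so unless it is a zero-initialised buffer of at least three bytes, crypt() is handed an unterminated string. Cutting the setting down to two characters also appears to restrict this branch to traditional DES hashes, since a stored value in a `$id$salt$` format is no longer passed as its own setting and would stop matching. In addition, crypt() may return NULL on an unsupported or malformed salt, and the result is passed to `strcmp` unchecked, so the new empty-password guard does not cover every crash path here. I would keep the stored hash as the setting and test the result: `const char *h = crypt(password, dbpass);` then `is_validated = (h != NULL && strcmp(h, dbpass) == 0) ? 1 : 0;`. The function body starts and ends outside the hunk, so confirm how `salt` and `dbpass` are declared before applying.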