1 files changed, 38 insertions, 0 deletions

diff --git a/mail/dbmail/files/patch-0005-improve-crypt-authentication b/mail/dbmail/files/patch-0005-improve-crypt-authentication
new file mode 100644
index 000000000000..953c2d89794b
--- /dev/null
+++ b/mail/dbmail/files/patch-0005-improve-crypt-authentication
@@ -0,0 +1,38 @@
+From b4b82aca1dd1c8aece722b8370da02b715e4bb53 Mon Sep 17 00:00:00 2001
+From: Paul J Stevens <p.stevens@lukkien.com>
+Date: Wed, 10 Feb 2016 09:14:41 +0100
+Subject: [PATCH 05/33] improve crypt authentication
+
+also don't segfault when spasswd is empty
+---
+ src/dm_db.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git src/dm_db.c src/dm_db.c
+index 313b33f..bfe9601 100644
+--- src/dm_db.c
++++ src/dm_db.c
+@@ -3687,6 +3687,10 @@ int db_user_validate(ClientBase_T *ci, const char *pwfield, uint64_t *user_idnr,
+ 		return t;
+ 	
+ 	if (! t) return FALSE;
++	if (! strlen(dbpass)) {
++		TRACE(TRACE_INFO, "Empty password for [%" PRIu64 "] in [%s]", *user_idnr, pwfield);
++	       	return FALSE;
++	}
+ 
+ 	if (SMATCH(encode, "")) {
+ 		TRACE(TRACE_DEBUG, "validating using plaintext passwords");
+@@ -3699,7 +3703,8 @@ int db_user_validate(ClientBase_T *ci, const char *pwfield, uint64_t *user_idnr,
+ 
+ 	if (SMATCH(encode, "crypt")) {
+ 		TRACE(TRACE_DEBUG, "validating using crypt() encryption");
+-		is_validated = (strcmp((const char *) crypt(password, dbpass), dbpass) == 0) ? 1 : 0;
++		strncpy(salt, dbpass, 2);
++		is_validated = (strcmp((const char *) crypt(password, salt), dbpass) == 0) ? 1 : 0;
+ 	} else if (SMATCH(encode, "md5")) {
+ 		/* get password */
+ 		if (strncmp(dbpass, "$1$", 3)) { // no match
+-- 
+2.10.1 (Apple Git-78)
+