author | Martijn van Duren <martijn@cvs.openbsd.org> | 2022-06-29 09:10:14 +0000 |
---|---|---|
committer | Martijn van Duren <martijn@cvs.openbsd.org> | 2022-06-29 09:10:14 +0000 |
commit | 48b649cf16602ea257d09d0acef59b2c0990a52f (patch) | |
tree | cf106fea68c4f6539bd9c46e33070ad4478857fc /usr.sbin/ldapd | |
parent | 8245f4e12b8ab475bbf02a96816154c84a2f7b49 (diff) |
Use strncasecmp instead of strncmp when comparing the password scheme.
This change could theoretically affect some people who actually have one
of the schemes in lower case in their password, but this is extremely
unlikely in the real world.
Pointed out by David Diggles (david <at> elven <dot> com <dot> au)
OK sthen@
Diffstat (limited to 'usr.sbin/ldapd')
-rw-r--r-- | usr.sbin/ldapd/auth.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/usr.sbin/ldapd/auth.c b/usr.sbin/ldapd/auth.c
index f8debff7a2d..c1f6f1204b1 100644
--- a/usr.sbin/ldapd/auth.c
+++ b/usr.sbin/ldapd/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.14 2019/10/24 12:39:26 tb Exp $ */
+/* $OpenBSD: auth.c,v 1.15 2022/06/29 09:10:13 martijn Exp $ */
 /*
 * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@@ -220,7 +220,7 @@ check_password(struct request *req, const char *stored_passwd,
 if (stored_passwd == NULL)
 return -1;
- if (strncmp(stored_passwd, "{SHA}", 5) == 0) {
+ if (strncasecmp(stored_passwd, "{SHA}", 5) == 0) {
 sz = b64_pton(stored_passwd + 5, tmp, sizeof(tmp));
 if (sz != SHA_DIGEST_LENGTH)
 return (-1);
@@ -228,7 +228,7 @@ check_password(struct request *req, const char *stored_passwd,
 SHA1_Update(&ctx, passwd, strlen(passwd));
 SHA1_Final(md, &ctx);
 return (bcmp(md, tmp, SHA_DIGEST_LENGTH) == 0 ? 1 : 0);
- } else if (strncmp(stored_passwd, "{SSHA}", 6) == 0) {
+ } else if (strncasecmp(stored_passwd, "{SSHA}", 6) == 0) {
 sz = b64_pton(stored_passwd + 6, tmp, sizeof(tmp));
 if (sz <= SHA_DIGEST_LENGTH)
 return (-1);
@@ -238,12 +238,12 @@ check_password(struct request *req, const char *stored_passwd,
 SHA1_Update(&ctx, salt, sz - SHA_DIGEST_LENGTH);
 SHA1_Final(md, &ctx);
 return (bcmp(md, tmp, SHA_DIGEST_LENGTH) == 0 ? 1 : 0);
- } else if (strncmp(stored_passwd, "{CRYPT}", 7) == 0) {
+ } else if (strncasecmp(stored_passwd, "{CRYPT}", 7) == 0) {
 encpw = crypt(passwd, stored_passwd + 7);
 if (encpw == NULL)
 return (-1);
 return (strcmp(encpw, stored_passwd + 7) == 0 ? 1 : 0);
- } else if (strncmp(stored_passwd, "{BSDAUTH}", 9) == 0) {
+ } else if (strncasecmp(stored_passwd, "{BSDAUTH}", 9) == 0) {
 if (send_auth_request(req, stored_passwd + 9, passwd) == -1)
 return (-1);
 return 2; /* Operation in progress. */ |
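Review bot: The behaviour change described in the commit message is not recorded in the code. With `strncasecmp`, a stored value that begins with a scheme tag in any letter case (for example `{sha}`) is now always parsed as a hash, and nothing above the `{SHA}` test says so. I would add a comment above the first comparison, `/* Scheme tags are matched case-insensitively; a stored value that starts with one is always parsed as that scheme. */`. How values without a recognised tag are handled lies outside this hunk, so the wording should be checked against the end of the chain. The same remark covers the `{SSHA}`, `{CRYPT}` and `{BSDAUTH}` tests in the later hunks.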
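Review bot: The digest comparison on the context line `return (bcmp(md, tmp, SHA_DIGEST_LENGTH) == 0 ? 1 : 0);` is not constant-time, so its duration can depend on how many leading bytes of the computed and stored digests agree. On OpenBSD this is a one-line change to `return (timingsafe_bcmp(md, tmp, SHA_DIGEST_LENGTH) == 0 ? 1 : 0);`. The `{SSHA}` branch in the next hunk has the same `bcmp` call and would take the same fix. The commit leaves these lines untouched, and the `{SHA}` branch they close begins before this hunk.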
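Review bot: In the `{CRYPT}` branch, `crypt()` followed by `strcmp(encpw, stored_passwd + 7)` checks the result with an early-exit string compare, whereas OpenBSD's `crypt_checkpass(3)` performs the hashing and the comparison in one call and is meant for exactly this check. The branch could become `return (crypt_checkpass(passwd, stored_passwd + 7) == 0 ? 1 : 0);`. The caveat is that a hashing failure would then yield 0 rather than the current -1. Whether callers distinguish those two results cannot be seen here, since check_password's callers and the rest of its body are outside the hunk.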