From 63f496b42a2d80f4a7609e666d21a70e5d44a60f Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Mon, 12 Jun 2017 11:38:35 +0100
Subject: [PATCH] [Fix] Fix logic of cached passwords check

Issue: #913
---
 src/controller.c | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/src/controller.c b/src/controller.c
index 37364813d..f1daba22c 100644
--- a/src/controller.c
+++ b/src/controller.c
@@ -291,13 +291,34 @@ rspamd_check_encrypted_password (struct rspamd_controller_worker_ctx *ctx,
 		if (password->len != ctx->cached_password.len ||
 				!rspamd_constant_memcmp (password->begin,
 						ctx->cached_password.begin, password->len)) {
-			msg_info_ctx ("incorrect or absent password has been specified");
-			return FALSE;
+			/* We still need to check enable password here */
+			if (ctx->cached_enable_password.len != 0) {
+				if (password->len != ctx->cached_enable_password.len ||
+						!rspamd_constant_memcmp (password->begin,
+								ctx->cached_enable_password.begin,
+								password->len)) {
+					msg_info_ctx (
+							"incorrect or absent password has been specified");
+
+					return FALSE;
+				}
+				else {
+					/* Cached matched */
+					return TRUE;
+				}
+			}
+			else {
+				/* We might want to check uncached version */
+				goto check_uncached;
+			}
+		}
+		else {
+			/* Cached matched */
+			return TRUE;
 		}
-
-		return TRUE;
 	}
 
+check_uncached:
 	g_assert (pbkdf != NULL);
 	/* get salt */
 	salt = rspamd_encrypted_password_get_str (check, 3, &salt_len);
-- 
2.39.5