Browse Source
[CritFix] Fix unencrypted passwords processing in the controller
Reported by: @kvapstags/1.3.0
Vsevolod Stakhov
8 years ago
1 changed files with 25 additions and 6 deletions
+ 25
- 6
src/controller.c
View File
| @@ -504,9 +504,15 @@ static gboolean rspamd_controller_check_password( | |||
| "using password as enable_password for a privileged command"); | |||
| check = ctx->password; | |||
| } | |||
| if (check != NULL) { | |||
| if (!rspamd_is_encrypted_password (check, &pbkdf)) { | |||
| ret = rspamd_constant_memcmp (password->begin, check, password->len); | |||
| ret = FALSE; | |||
| if (strlen (check) == password->len) { | |||
| ret = rspamd_constant_memcmp (password->begin, check, | |||
| password->len); | |||
| } | |||
| } | |||
| else { | |||
| ret = rspamd_check_encrypted_password (ctx, password, check, | |||
| @@ -527,9 +533,15 @@ static gboolean rspamd_controller_check_password( | |||
| /* Accept both normal and enable passwords */ | |||
| if (ctx->password != NULL) { | |||
| check = ctx->password; | |||
| if (!rspamd_is_encrypted_password (check, &pbkdf)) { | |||
| check_normal = rspamd_constant_memcmp (password->begin, check, | |||
| password->len); | |||
| check_normal = FALSE; | |||
| if (strlen (check) == password->len) { | |||
| check_normal = rspamd_constant_memcmp (password->begin, | |||
| check, | |||
| password->len); | |||
| } | |||
| } | |||
| else { | |||
| check_normal = rspamd_check_encrypted_password (ctx, | |||
| @@ -541,11 +553,18 @@ static gboolean rspamd_controller_check_password( | |||
| else { | |||
| check_normal = FALSE; | |||
| } | |||
| if (ctx->enable_password != NULL) { | |||
| check = ctx->enable_password; | |||
| if (!rspamd_is_encrypted_password (check, &pbkdf)) { | |||
| check_enable = rspamd_constant_memcmp (password->begin, check, | |||
| password->len); | |||
| check_enable = FALSE; | |||
| if (strlen (check) == password->len) { | |||
| check_enable = rspamd_constant_memcmp (password->begin, | |||
| check, | |||
| password->len); | |||
| } | |||
| } | |||
| else { | |||
| check_enable = rspamd_check_encrypted_password (ctx, | |||
| @@ -564,7 +583,7 @@ static gboolean rspamd_controller_check_password( | |||
| } | |||
| if (check_normal == FALSE && check_enable == FALSE) { | |||
| msg_info("absent or incorrect password has been specified"); | |||
| msg_info ("absent or incorrect password has been specified"); | |||
| ret = FALSE; | |||
| } | |||
Loading…