-rw-r--r--src/controller.c31
1 files changed, 25 insertions, 6 deletions
diff --git a/src/controller.c b/src/controller.c
index 9bb6b3a3a..91f4cfed6 100644
--- a/src/controller.c
+++ b/src/controller.c
@@ -504,9 +504,15 @@ static gboolean rspamd_controller_check_password(
"using password as enable_password for a privileged command");
check = ctx->password;
}
+
if (check != NULL) {
if (!rspamd_is_encrypted_password (check, &pbkdf)) {
- ret = rspamd_constant_memcmp (password->begin, check, password->len);
+ ret = FALSE;
+
+ if (strlen (check) == password->len) {
+ ret = rspamd_constant_memcmp (password->begin, check,
+ password->len);
+ }
}
else {
ret = rspamd_check_encrypted_password (ctx, password, check,
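Review bot: The `strlen (check) == password->len` guard in the plaintext branch has no comment saying why it is needed, so a later cleanup could remove it and bring back matching on a prefix of the configured password. A length mismatch now skips the constant-time compare, which means response timing can reveal the length of a plaintext password but not its content; that is usually acceptable, but it is worth stating next to the code. I would add above the guard `/* Lengths must match: comparing only password->len bytes would accept any prefix of check; timing reveals the length only */`, and the same comment fits the identical guards for `check_normal` and `check_enable` in the next two hunks. It is also worth confirming how rspamd_constant_memcmp behaves when both lengths are zero, which is not visible here. The enclosing function starts and ends outside this hunk.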
@@ -527,9 +533,15 @@ static gboolean rspamd_controller_check_password(
/* Accept both normal and enable passwords */
if (ctx->password != NULL) {
check = ctx->password;
+
if (!rspamd_is_encrypted_password (check, &pbkdf)) {
- check_normal = rspamd_constant_memcmp (password->begin, check,
- password->len);
+ check_normal = FALSE;
+
+ if (strlen (check) == password->len) {
+ check_normal = rspamd_constant_memcmp (password->begin,
+ check,
+ password->len);
+ }
}
else {
check_normal = rspamd_check_encrypted_password (ctx,
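Review bot: The plaintext comparison is now written out three times with only the result variable changing (`ret` in the hunk above, `check_normal` here, `check_enable` in the hunk below), so one copy can drift or lose its length guard without the others noticing. A small static helper would keep the length check and the constant-time compare together and reduce each call site to a single assignment. The helper name below is only a suggestion, and its parameter types are assumed from how `password->begin` and `password->len` are used in this hunk. The enclosing function extends beyond the hunk.

```c
/* Plaintext password check: exact length match first, then constant-time compare */
static gboolean
rspamd_controller_plain_match (const gchar *input, gsize input_len,
		const gchar *check)
{
	if (strlen (check) != input_len) {
		return FALSE;
	}

	return rspamd_constant_memcmp (input, check, input_len);
}

/* … unchanged: ctx->password NULL check and assignment to check … */
if (!rspamd_is_encrypted_password (check, &pbkdf)) {
	check_normal = rspamd_controller_plain_match (password->begin,
			password->len, check);
}
/* … unchanged: encrypted-password branch … */
```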
@@ -541,11 +553,18 @@ static gboolean rspamd_controller_check_password(
else {
check_normal = FALSE;
}
+
if (ctx->enable_password != NULL) {
check = ctx->enable_password;
+
if (!rspamd_is_encrypted_password (check, &pbkdf)) {
- check_enable = rspamd_constant_memcmp (password->begin, check,
- password->len);
+ check_enable = FALSE;
+
+ if (strlen (check) == password->len) {
+ check_enable = rspamd_constant_memcmp (password->begin,
+ check,
+ password->len);
+ }
}
else {
check_enable = rspamd_check_encrypted_password (ctx,
@@ -564,7 +583,7 @@ static gboolean rspamd_controller_check_password(
}
if (check_normal == FALSE && check_enable == FALSE) {
- msg_info("absent or incorrect password has been specified");
+ msg_info ("absent or incorrect password has been specified");
ret = FALSE;
}