From 413ea15ef7eb8e8462351e49dd74390d5a20ba44 Mon Sep 17 00:00:00 2001
From: Adam Dickmeiss <adam@indexdata.dk>
Date: Wed, 11 Oct 2006 20:18:47 +0000
Subject: [PATCH] Fixed bug 672: Trailing characters in password are ignored.
 By default htpasswd uses DES encryption of maximum key
 length 8. This means that a password can only have 8
 significant digits. Function passwd_db_auth now returns -2
 if password is greater than 8.

---
 util/passwddb.c |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/util/passwddb.c b/util/passwddb.c
index 785ec56..16d5c71 100644
--- a/util/passwddb.c
+++ b/util/passwddb.c
@@ -1,4 +1,4 @@
-/* $Id: passwddb.c,v 1.7.2.3 2006-08-14 10:39:24 adam Exp $
+/* $Id: passwddb.c,v 1.7.2.4 2006-10-11 20:18:47 adam Exp $
    Copyright (C) 1995,1996,1997,1998,1999,2000,2001,2002
    Index Data Aps
 
@@ -136,15 +136,17 @@ int passwd_db_auth (Passwd_db db, const char *user, const char *pass)
     if (pe->encrypt_flag)
     {
 #if HAVE_CRYPT_H
-	char salt[3];
 	const char *des_try;
 	if (strlen (pe->des) < 3)
 	    return -3;
 	if (!pass)
 	    return -2;
-	memcpy (salt, pe->des, 2);
-	salt[2] = '\0';	
-	des_try = crypt (pass, salt);
+        if (pe->des[0] != '$') /* Not MD5? (assume DES) */
+        {
+            if (strlen(pass) > 8) /* maximum key length is 8 */
+                return -2;
+        }
+	des_try = crypt (pass, pe->des);
 	if (strcmp (des_try, pe->des))
 	    return -2;
 #else
-- 
1.7.10.4