Lines 222-233
user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
Link Here
|
222 |
} else { |
222 |
} else { |
223 |
cryptpw = crypt (pass, data.dptr); |
223 |
cryptpw = crypt (pass, data.dptr); |
224 |
|
224 |
|
225 |
if (cryptpw) { |
225 |
if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) { |
226 |
compare = strncasecmp (data.dptr, cryptpw, data.dsize); |
226 |
compare = memcmp(data.dptr, cryptpw, data.dsize); |
227 |
} else { |
227 |
} else { |
228 |
compare = -2; |
228 |
compare = -2; |
229 |
if (ctrl & PAM_DEBUG_ARG) { |
229 |
if (ctrl & PAM_DEBUG_ARG) { |
230 |
pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); |
230 |
if (cryptpw) |
|
|
231 |
pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ"); |
232 |
else |
233 |
pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); |
231 |
} |
234 |
} |
232 |
}; |
235 |
}; |
233 |
|
236 |
|
234 |
- |
|
|