summaryrefslogtreecommitdiff
path: root/source/d/cvs/cvs.crypt-2.diff
diff options
context:
space:
mode:
Diffstat (limited to 'source/d/cvs/cvs.crypt-2.diff')
-rw-r--r--source/d/cvs/cvs.crypt-2.diff53
1 files changed, 53 insertions, 0 deletions
diff --git a/source/d/cvs/cvs.crypt-2.diff b/source/d/cvs/cvs.crypt-2.diff
new file mode 100644
index 00000000..140d0b95
--- /dev/null
+++ b/source/d/cvs/cvs.crypt-2.diff
@@ -0,0 +1,53 @@
+--- cvs-1.11.23/src/server.c.orig 2013-05-17
++++ cvs-1.11.23/src/server.c 2013-05-22
+@@ -5632,9 +5632,11 @@ check_repository_password (username, pas
+ host_user_tmp = username;
+
+ /* Verify blank passwords directly, otherwise use crypt(). */
++ char *crypt_passwd = found_password ? crypt (password, found_password): NULL;
+ if ((found_password == NULL)
+- || ((strcmp (found_password, crypt (password, found_password))
+- == 0)))
++ || (crypt_passwd != NULL
++ && (strcmp (found_password, crypt_passwd)
++ == 0)))
+ {
+ /* Give host_user_ptr permanent storage. */
+ *host_user_ptr = xstrdup (host_user_tmp);
+@@ -5645,7 +5647,7 @@ check_repository_password (username, pas
+ #ifdef LOG_AUTHPRIV
+ syslog (LOG_AUTHPRIV | LOG_NOTICE,
+ "password mismatch for %s in %s: %s vs. %s", username,
+- repository, crypt(password, found_password), found_password);
++ repository, crypt_passwd, found_password);
+ #endif
+ *host_user_ptr = NULL;
+ retval = 2;
+@@ -5675,6 +5677,7 @@ check_password (username, password, repo
+ char *host_user = NULL;
+ char *found_passwd = NULL;
+ struct passwd *pw;
++ char *crypt_passwd = NULL;
+
+ /* First we see if this user has a password in the CVS-specific
+ password file. If so, that's enough to authenticate with. If
+@@ -5752,7 +5755,9 @@ error 0 %s: no such user\n", username);
+ if (*found_passwd)
+ {
+ /* user exists and has a password */
+- if (strcmp (found_passwd, crypt (password, found_passwd)) == 0)
++ crypt_passwd = crypt (password, found_passwd);
++ if ((crypt_passwd != NULL) &&
++ (strcmp (found_passwd, crypt_passwd) == 0))
+ {
+ host_user = xstrdup (username);
+ }
+@@ -5762,7 +5767,7 @@ error 0 %s: no such user\n", username);
+ #ifdef LOG_AUTHPRIV
+ syslog (LOG_AUTHPRIV | LOG_NOTICE,
+ "password mismatch for %s: %s vs. %s", username,
+- crypt(password, found_passwd), found_passwd);
++ crypt_passwd, found_passwd);
+ #endif
+ }
+ goto handle_return;