Download | Plain Text | No Line Numbers
- --- a/vcdb.c 2011-02-28 18:00:45.000000000 +0100
- +++ b/vcdb.c 2020-02-25 17:46:43.360186000 +0100
- @@ -672,14 +672,14 @@
- char Dir[156];
- uid_t uid;
- gid_t gid;
- - char crypted[100];
- + char crypted[128];
-
- if ( vget_assign(domain, Dir, 156, &uid, &gid ) == NULL ) {
- strcpy(Dir, VPOPMAILDIR);
- }
-
- if ( pass[0] != 0 ) {
- - mkpasswd3(pass,crypted, 100);
- + mkpasswd3(pass,crypted, sizeof(crypted));
- } else {
- crypted[0] = 0;
- }
- --- a/vldap.c 2020-02-25 17:49:48.775599000 +0100
- +++ b/vldap.c 2020-02-25 17:49:30.139649000 +0100
- @@ -490,7 +490,7 @@
- int ret = 0, vd = 0;
- int i,len;
- char *b = NULL;
- - char crypted[100] = { 0 };
- + char crypted[128] = { 0 };
-
-
- if ((dir) && (*dir))
- @@ -547,11 +547,11 @@
- lm[0]->mod_values[0] = safe_strdup(user);
-
- /* lm[1] will store : userPassword / pw_password */
- - memset((char *)crypted, 0, 100);
- + memset((char *)crypted, 0, sizeof(crypted));
- if ( password[0] == 0 ) {
- crypted[0] = 0;
- } else {
- - mkpasswd3(password, crypted, 100);
- + mkpasswd3(password, crypted, sizeof(crypted));
- }
-
- lm[1]->mod_values[0] = (char *) safe_malloc(strlen(crypted) + 7 + 1);
- --- a/vmoduser.c 2011-02-28 18:00:45.000000000 +0100
- +++ b/vmoduser.c 2020-02-25 17:48:02.385359000 +0100
- @@ -74,7 +74,7 @@
- if ( Gecos[0] != 0 ) mypw->pw_gecos = Gecos;
- if ( Dir[0] != 0 ) mypw->pw_dir = Dir;
- if ( Passwd[0] != 0 ) {
- - mkpasswd3(Passwd,Crypted, 100);
- + mkpasswd3(Passwd,Crypted, sizeof(Crypted));
- mypw->pw_passwd = Crypted;
- #ifdef CLEAR_PASS
- mypw->pw_clear_passwd = Passwd;
- @@ -100,7 +100,7 @@
- if ( Gecos[0] != 0 ) mypw->pw_gecos = Gecos;
- if ( Dir[0] != 0 ) mypw->pw_dir = Dir;
- if ( Passwd[0] != 0 ) {
- - mkpasswd3(Passwd,Crypted, 100);
- + mkpasswd3(Passwd,Crypted, sizeof(Crypted));
- mypw->pw_passwd = Crypted;
- #ifdef CLEAR_PASS
- mypw->pw_clear_passwd = Passwd;
- --- a/vmysql.c 2020-02-25 17:49:48.779876000 +0100
- +++ b/vmysql.c 2020-02-25 17:48:49.386502000 +0100
- @@ -376,7 +376,7 @@
- gid_t gid;
- char dirbuf[200];
- char quota[30];
- - char Crypted[100];
- + char Crypted[128];
- int err;
-
- if ( (err=vauth_open_update()) != 0 ) return(err);
- @@ -410,7 +410,7 @@
- }
-
- if ( pass[0] != 0 ) {
- - mkpasswd3(pass,Crypted, 100);
- + mkpasswd3(pass,Crypted, sizeof(Crypted));
- } else {
- Crypted[0] = 0;
- }
- --- a/voracle.pc 2011-02-28 18:00:45.000000000 +0100
- +++ b/voracle.pc 2020-02-25 17:48:41.961576000 +0100
- @@ -321,7 +321,7 @@
- gid_t gid;
- char dirbuf[200];
- char quota[30];
- - char Crypted[100];
- + char Crypted[128];
- int err;
-
- if ( (err=vauth_open_update()) != 0 ) return(err);
- @@ -355,7 +355,7 @@
- }
-
- if ( pass[0] != 0 ) {
- - mkpasswd3(pass,Crypted, 100);
- + mkpasswd3(pass,Crypted, sizeof(Crypted));
- } else {
- Crypted[0] = 0;
- }
- --- a/vpgsql.c 2020-02-25 17:49:48.782546000 +0100
- +++ b/vpgsql.c 2020-02-25 17:48:33.426363000 +0100
- @@ -208,7 +208,7 @@
- gid_t gid;
- char dirbuf[200];
- char quota[30];
- - char Crypted[100];
- + char Crypted[128];
- int err;
- PGresult *pgres;
-
- @@ -245,7 +245,7 @@
- }
-
- if ( pass[0] != 0 ) {
- - mkpasswd3(pass,Crypted, 100);
- + mkpasswd3(pass,Crypted, sizeof(Crypted));
- } else {
- Crypted[0] = 0;
- }
- --- a/vpopmail.c 2020-02-25 17:49:48.784496000 +0100
- +++ b/vpopmail.c 2020-02-25 17:34:02.502868000 +0100
- @@ -45,7 +45,7 @@
- #include "storage.h"
-
- #ifndef MD5_PASSWORDS
- -#define MAX_PW_CLEAR_PASSWD 8
- +//#define MAX_PW_CLEAR_PASSWD 8
- #endif
-
- #ifdef VPOPMAIL_DEBUG
- @@ -820,7 +820,7 @@
- int mkpasswd3( char *clearpass, char *crypted, int ssize )
- {
- char *tmpstr;
- - char salt[12];
- + char salt[21];
- static int seeded = 0;
-
- if (!seeded) {
- @@ -842,9 +842,28 @@
- salt[10] = randltr();
- salt[11] = 0;
- #else
- - salt[0] = randltr();
- - salt[1] = randltr();
- - salt[2] = 0;
- + // salt is 16 characters
- + salt[0] = '$';
- + salt[1] = '6';
- + salt[2] = '$';
- + salt[3] = randltr();
- + salt[4] = randltr();
- + salt[5] = randltr();
- + salt[6] = randltr();
- + salt[7] = randltr();
- + salt[8] = randltr();
- + salt[9] = randltr();
- + salt[10] = randltr();
- + salt[11] = randltr();
- + salt[12] = randltr();
- + salt[13] = randltr();
- + salt[14] = randltr();
- + salt[15] = randltr();
- + salt[16] = randltr();
- + salt[17] = randltr();
- + salt[18] = randltr();
- + salt[19] = '$';
- + salt[20] = 0;
- #endif
-
- tmpstr = crypt(clearpass,salt);
- --- a/vpopmaild.c 2011-02-28 18:00:45.000000000 +0100
- +++ b/vpopmaild.c 2020-02-25 17:38:24.578490000 +0100
- @@ -555,7 +555,7 @@
-
- int mod_user()
- {
- - char Crypted[64];
- + char Crypted[128];
- char *email_address;
- char *param;
- char *value;
-