Download | Plain Text | No Line Numbers 

  1. --- a/vcdb.c	2011-02-28 18:00:45.000000000 +0100
  2. +++ b/vcdb.c	2020-02-25 17:46:43.360186000 +0100
  3. @@ -672,14 +672,14 @@
  4.   char Dir[156];
  5.   uid_t uid;
  6.   gid_t gid;
  7. - char crypted[100];
  8. + char crypted[128];
  9.  
  10.  	if ( vget_assign(domain, Dir, 156, &uid, &gid ) == NULL ) {
  11.  		strcpy(Dir, VPOPMAILDIR);
  12.          }
  13.  
  14.          if ( pass[0] != 0 ) {
  15. -            mkpasswd3(pass,crypted, 100);
  16. +            mkpasswd3(pass,crypted, sizeof(crypted));
  17.          } else {
  18.              crypted[0] = 0;
  19.          }
  20. --- a/vldap.c	2020-02-25 17:49:48.775599000 +0100
  21. +++ b/vldap.c	2020-02-25 17:49:30.139649000 +0100
  22. @@ -490,7 +490,7 @@
  23.      int ret = 0, vd = 0;
  24.      int i,len;
  25.      char *b = NULL;
  26. -    char crypted[100] = { 0 };
  27. +    char crypted[128] = { 0 };
  28.  
  29.  
  30.      if ((dir) && (*dir))
  31. @@ -547,11 +547,11 @@
  32.      lm[0]->mod_values[0] = safe_strdup(user);
  33.  
  34.      /* lm[1] will store : userPassword / pw_password */
  35. -    memset((char *)crypted, 0, 100);
  36. +    memset((char *)crypted, 0, sizeof(crypted));
  37.      if ( password[0] == 0 ) {
  38.          crypted[0] = 0;
  39.      } else {
  40. -        mkpasswd3(password, crypted, 100);
  41. +        mkpasswd3(password, crypted, sizeof(crypted));
  42.      }
  43.  
  44.      lm[1]->mod_values[0] = (char *) safe_malloc(strlen(crypted) + 7 + 1);
  45. --- a/vmoduser.c	2011-02-28 18:00:45.000000000 +0100
  46. +++ b/vmoduser.c	2020-02-25 17:48:02.385359000 +0100
  47. @@ -74,7 +74,7 @@
  48.          if ( Gecos[0] != 0 ) mypw->pw_gecos = Gecos;
  49.          if ( Dir[0] != 0 ) mypw->pw_dir = Dir;
  50.          if ( Passwd[0] != 0 )  {
  51. -            mkpasswd3(Passwd,Crypted, 100);
  52. +            mkpasswd3(Passwd,Crypted, sizeof(Crypted));
  53.              mypw->pw_passwd = Crypted;
  54.  #ifdef CLEAR_PASS
  55.              mypw->pw_clear_passwd = Passwd;
  56. @@ -100,7 +100,7 @@
  57.              if ( Gecos[0] != 0 ) mypw->pw_gecos = Gecos;
  58.              if ( Dir[0] != 0 ) mypw->pw_dir = Dir;
  59.              if ( Passwd[0] != 0 )  {
  60. -                mkpasswd3(Passwd,Crypted, 100);
  61. +                mkpasswd3(Passwd,Crypted, sizeof(Crypted));
  62.                  mypw->pw_passwd = Crypted;
  63.  #ifdef CLEAR_PASS
  64.                  mypw->pw_clear_passwd = Passwd;
  65. --- a/vmysql.c	2020-02-25 17:49:48.779876000 +0100
  66. +++ b/vmysql.c	2020-02-25 17:48:49.386502000 +0100
  67. @@ -376,7 +376,7 @@
  68.   gid_t gid;
  69.   char dirbuf[200];
  70.   char quota[30];
  71. - char Crypted[100];
  72. + char Crypted[128];
  73.   int err;
  74.  
  75.      if ( (err=vauth_open_update()) != 0 ) return(err);
  76. @@ -410,7 +410,7 @@
  77.      }
  78.  
  79.      if ( pass[0] != 0 ) {
  80. -        mkpasswd3(pass,Crypted, 100);
  81. +        mkpasswd3(pass,Crypted, sizeof(Crypted));
  82.      } else {
  83.          Crypted[0] = 0;
  84.      }
  85. --- a/voracle.pc	2011-02-28 18:00:45.000000000 +0100
  86. +++ b/voracle.pc	2020-02-25 17:48:41.961576000 +0100
  87. @@ -321,7 +321,7 @@
  88.   gid_t gid;
  89.   char dirbuf[200];
  90.   char quota[30];
  91. - char Crypted[100];
  92. + char Crypted[128];
  93.   int err;
  94.  
  95.      if ( (err=vauth_open_update()) != 0 ) return(err);
  96. @@ -355,7 +355,7 @@
  97.      }
  98.  
  99.      if ( pass[0] != 0 ) {
  100. -        mkpasswd3(pass,Crypted, 100);
  101. +        mkpasswd3(pass,Crypted, sizeof(Crypted));
  102.      } else {
  103.          Crypted[0] = 0;
  104.      }
  105. --- a/vpgsql.c	2020-02-25 17:49:48.782546000 +0100
  106. +++ b/vpgsql.c	2020-02-25 17:48:33.426363000 +0100
  107. @@ -208,7 +208,7 @@
  108.    gid_t gid;
  109.    char dirbuf[200];
  110.    char quota[30];
  111. -  char Crypted[100];
  112. +  char Crypted[128];
  113.    int err;
  114.    PGresult *pgres;
  115.  
  116. @@ -245,7 +245,7 @@
  117.    }
  118.  
  119.    if ( pass[0] != 0 ) {
  120. -    mkpasswd3(pass,Crypted, 100);
  121. +    mkpasswd3(pass,Crypted, sizeof(Crypted));
  122.    } else {
  123.      Crypted[0] = 0;
  124.    }
  125. --- a/vpopmail.c	2020-02-25 17:49:48.784496000 +0100
  126. +++ b/vpopmail.c	2020-02-25 17:34:02.502868000 +0100
  127. @@ -45,7 +45,7 @@
  128.  #include "storage.h"
  129.  
  130.  #ifndef MD5_PASSWORDS
  131. -#define MAX_PW_CLEAR_PASSWD 8
  132. +//#define MAX_PW_CLEAR_PASSWD 8
  133.  #endif
  134.  
  135.  #ifdef VPOPMAIL_DEBUG
  136. @@ -820,7 +820,7 @@
  137.  int mkpasswd3( char *clearpass, char *crypted, int ssize )
  138.  {
  139.   char *tmpstr;
  140. - char salt[12];
  141. + char salt[21];
  142.   static int seeded = 0;
  143.  
  144.   if (!seeded) {
  145. @@ -842,9 +842,28 @@
  146.    salt[10] = randltr();
  147.    salt[11] = 0;
  148.  #else
  149. -  salt[0] = randltr();
  150. -  salt[1] = randltr();
  151. -  salt[2] = 0;
  152. +  // salt is 16 characters
  153. +  salt[0] = '$';
  154. +  salt[1] = '6';
  155. +  salt[2] = '$';
  156. +  salt[3] = randltr();
  157. +  salt[4] = randltr();
  158. +  salt[5] = randltr();
  159. +  salt[6] = randltr();
  160. +  salt[7] = randltr();
  161. +  salt[8] = randltr();
  162. +  salt[9] = randltr();
  163. +  salt[10] = randltr();
  164. +  salt[11] = randltr();
  165. +  salt[12] = randltr();
  166. +  salt[13] = randltr();
  167. +  salt[14] = randltr();
  168. +  salt[15] = randltr();
  169. +  salt[16] = randltr();
  170. +  salt[17] = randltr();
  171. +  salt[18] = randltr();
  172. +  salt[19] = '$';
  173. +  salt[20] = 0;
  174.  #endif
  175.  
  176.    tmpstr = crypt(clearpass,salt);
  177. --- a/vpopmaild.c	2011-02-28 18:00:45.000000000 +0100
  178. +++ b/vpopmaild.c	2020-02-25 17:38:24.578490000 +0100
  179. @@ -555,7 +555,7 @@
  180.  
  181.  int mod_user()
  182.  {
  183. - char Crypted[64];
  184. + char Crypted[128];
  185.   char *email_address;
  186.   char *param;
  187.   char *value;
  188.