From 0342dfef1d43a0f40bb8cdf4c5acbe2adca33ded Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?=
Date: Mon, 29 Apr 2013 13:08:23 +0000
Subject: [PATCH] [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2869 152afb58-edef-0310-8abb-c4023f1b3aa9
---
 NEWS | 1 +
 src/http_auth.c | 55 ++++++++++---------------------------------------
 2 files changed, 12 insertions(+), 44 deletions(-)
diff --git a/NEWS b/NEWS
index a58cfba5..bbbf398e 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ NEWS * [mod_fastcgi,log] support multi line logging (fixes #2252) * call ERR_clear_error only for ssl connections in CON_STATE_ERROR * reject non ASCII characters in HTTP header names + * [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483) - 1.4.32 - 2012-11-21 * Code cleanup with clang/sparse (fixes #2437, thx kibi)
diff --git a/src/http_auth.c b/src/http_auth.c
index d7d246bf..451d5d70 100644
--- a/src/http_auth.c
+++ b/src/http_auth.c
@@ -645,56 +645,23 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p return (strcmp(sample, password->ptr) == 0) ? 0 : 1; } else { #ifdef HAVE_CRYPT - char salt[32]; - char *crypted; - size_t salt_len = 0; - /* - * htpasswd format - * - * user:crypted password - */ + char *crypted; - /* - * Algorithm Salt - * CRYPT_STD_DES 2-character (Default) - * CRYPT_EXT_DES 9-character - * CRYPT_MD5 12-character beginning with $1$ - * CRYPT_BLOWFISH 16-character beginning with $2$ - */ - - if (password->used < 13 + 1) { - return -1; - } - - if (password->used == 13 + 1) { - /* a simple DES password is 2 + 11 characters */ - salt_len = 2; - } else if (password->ptr[0] == '$' && password->ptr[2] == '$') { - char *dollar = NULL; - - if (NULL == (dollar = strchr(password->ptr + 3, '$'))) { + /* a simple DES password is 2 + 11 characters. everything else should be longer. */ + if (password->used < 13 + 1) { return -1; } - salt_len = dollar - password->ptr; - } - - if (salt_len > sizeof(salt) - 1) { - return -1; - } - - strncpy(salt, password->ptr, salt_len); - - salt[salt_len] = '\0'; - - crypted = crypt(pw, salt); - - if (0 == strcmp(password->ptr, crypted)) { - return 0; - } + if (0 == (crypted = crypt(pw, password->ptr))) { + /* crypt failed. */ + return -1; + } + if (0 == strcmp(password->ptr, crypted)) { + return 0; + } #endif - } + } } else if (p->conf.auth_backend == AUTH_BACKEND_PLAIN) { if (0 == strcmp(password->ptr, pw)) { return 0;
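Review bot: The match test `if (0 == strcmp(password->ptr, crypted))` compares the freshly computed hash with the stored one byte by byte and returns at the first mismatch, so the response time leaks how long a matching prefix the attacker-chosen password produced; a fixed-time comparison over the whole string costs nothing here and is the usual practice for credential checks, even though exploiting this remotely against crypt() output is likely impractical. Now that the whole stored field is handed to crypt() as its setting, a NULL return may also mean the hash type is not supported by this libc (for instance a `$2y$` entry on a system without bcrypt), and the silent `return -1;` makes that indistinguishable from a wrong password, so consider reporting errno on that path through whatever error logging this file already uses. The `13 + 1` in the length check suggests `password->used` counts the terminating NUL; the rewrite below assumes that, confirm it against the buffer type. http_auth_basic_password_compare starts and ends outside this hunk.
```c
			if (0 == (crypted = crypt(pw, password->ptr))) {
				/* crypt failed, or the hash type is not supported by this libc. */
				return -1;
			}

			/* fixed-time compare: strcmp() would stop at the first differing byte */
			{
				size_t i, len = strlen(crypted);
				unsigned char diff = (len == password->used - 1) ? 0 : 1;
				for (i = 0; i < len && i < password->used - 1; i++) {
					diff |= (unsigned char)(crypted[i] ^ password->ptr[i]);
				}
				if (0 == diff) {
					return 0;
				}
			}
/* … unchanged: #endif and the closing braces … */
```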