fixed possible overflow in password-salt handling

(reported on slashdot by james-web@and.org) git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@871 152afb58-edef-0310-8abb-c4023f1b3aa9
18 years ago · ad7d85b7f5
parent 2cc4f96765
commit ad7d85b7f5
1 changed files with 1 additions and 1 deletions
--- a/src/http_auth.c
+++ b/src/http_auth.c
@ -481,7 +481,7 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
 			salt_len = dollar - password->ptr;
 		}

-		if (salt_len - 1 > sizeof(salt)) {
+		if (salt_len > sizeof(salt) - 1) {
 			fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
 			return -1;
 		}