[vchkpw] Error in checking password length

Riccardo Bini Fri, 17 Mar 2006 06:24:10 -0800

Patch for checking password length.
Bye
Rick


--- vpopmail.c  2005-05-23 18:12:36.000000000 +0200
+++ /home/rick/sorgenti/vpopmail-5.4.12/vpopmail.c      2006-03-17 
14:52:01.000000000 +0100
@@ -457,7 +457,11 @@
   if ( strlen(domain) > MAX_PW_DOMAIN ) return(VA_DOMAIN_NAME_TOO_LONG);
   if ( strlen(domain) < 3) return(VA_INVALID_DOMAIN_NAME);

+  if ( strlen(password) > MAX_PW_PASS )  return(VA_PASSWD_TOO_LONG);
+#ifdef CLEAR_PASS
   if ( strlen(password) > MAX_PW_CLEAR_PASSWD ) return(VA_PASSWD_TOO_LONG);
+#endif
+
   if ( strlen(gecos) > MAX_PW_GECOS )    return(VA_GECOS_TOO_LONG);

   umask(VPOPMAIL_UMASK);
@@ -1350,7 +1354,11 @@
   if ( strlen(username) == 1 ) return(VA_ILLEGAL_USERNAME);
 #endif
   if ( strlen(domain) > MAX_PW_DOMAIN ) return(VA_DOMAIN_NAME_TOO_LONG);
-  if ( strlen(password) > MAX_PW_CLEAR_PASSWD ) return(VA_PASSWD_TOO_LONG);
+
+  if ( strlen(password) > MAX_PW_PASS )  return(VA_PASSWD_TOO_LONG);
+#ifdef CLEAR_PASS
+    if ( strlen(password) > MAX_PW_CLEAR_PASSWD ) return(VA_PASSWD_TOO_LONG);
+#endif

   lowerit(username);
   lowerit(domain);

[vchkpw] Error in checking password length

Reply via email to