diff options
| author | Junio C Hamano <gitster@pobox.com> | 2021-10-12 13:51:48 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2021-10-12 13:51:48 -0700 |
| commit | b59c06092f2ed8f434ffe298bf55578dffb18cca (patch) | |
| tree | f7e2ea033a93908e729d2a353a1a1992bef2d97b /git-cvsserver.perl | |
| parent | c365967f217de9f90ba0c6005e65269388540ddb (diff) | |
| parent | 4b81f690f63111586dc28e7ec103179b98c286bc (diff) | |
| download | git-b59c06092f2ed8f434ffe298bf55578dffb18cca.tar.gz | |
Merge branch 'cb/cvsserver' into maint
"git cvsserver" had a long-standing bug in its authentication code,
which has finally been corrected (it is unclear and is a separate
question if anybody is seriously using it, though).
* cb/cvsserver:
Documentation: cleanup git-cvsserver
git-cvsserver: protect against NULL in crypt(3)
git-cvsserver: use crypt correctly to compare password hashes
Diffstat (limited to 'git-cvsserver.perl')
| -rwxr-xr-x | git-cvsserver.perl | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/git-cvsserver.perl b/git-cvsserver.perl index ed035f32c2..64319bed43 100755 --- a/git-cvsserver.perl +++ b/git-cvsserver.perl @@ -222,10 +222,11 @@ if ($state->{method} eq 'pserver') { open my $passwd, "<", $authdb or die $!; while (<$passwd>) { if (m{^\Q$user\E:(.*)}) { - if (crypt($user, descramble($password)) eq $1) { + my $hash = crypt(descramble($password), $1); + if (defined $hash and $hash eq $1) { $auth_ok = 1; } - }; + } } close $passwd; |