git:master:42129d35: auth_ephemeral: test the lenghts for compared passwords - sr-dev

3 May 2019

Module: kamailio
Branch: master
Commit: 42129d35e4510092266322168f68f3019d28bdb8
URL: https://github.com/kamailio/kamailio/commit/42129d35e4510092266322168f68f301...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2019-05-03T11:53:15+02:00
auth_ephemeral: test the lenghts for compared passwords
---
Modified: src/modules/auth_ephemeral/authorize.c
---
Diff:  https://github.com/kamailio/kamailio/commit/42129d35e4510092266322168f68f301...
Patch: https://github.com/kamailio/kamailio/commit/42129d35e4510092266322168f68f301...
---

diff --git a/src/modules/auth_ephemeral/authorize.c b/src/modules/auth_ephemeral/authorize.c
index 216332b321..bb92a4a219 100644
--- a/src/modules/auth_ephemeral/authorize.c
+++ b/src/modules/auth_ephemeral/authorize.c
@@ -523,8 +523,9 @@ int ki_autheph_authenticate(sip_msg_t *_m, str *susername, str *spassword)
    	{
    		LM_DBG("generated password: %.*s\n",
    			sgenerated_password.len, sgenerated_password.s);
-			if (strncmp(spassword->s, sgenerated_password.s,
-					spassword->len) == 0)
+			if (spassword->len == sgenerated_password.len
+					&& strncmp(spassword->s, sgenerated_password.s,
+						spassword->len) == 0)
    		{
    			SECRET_UNLOCK;
    			return AUTH_OK;

    