[sr-dev] git:5.2:7fd6ca67: auth_ephemeral: test the lenghts for compared passwords

Daniel-Constantin Mierla miconda at gmail.com
Fri May 3 11:55:19 CEST 2019


Module: kamailio
Branch: 5.2
Commit: 7fd6ca67616077fb8aab4a279c8b251de94b4a95
URL: https://github.com/kamailio/kamailio/commit/7fd6ca67616077fb8aab4a279c8b251de94b4a95

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2019-05-03T11:54:46+02:00

auth_ephemeral: test the lenghts for compared passwords

(cherry picked from commit 42129d35e4510092266322168f68f3019d28bdb8)

---

Modified: src/modules/auth_ephemeral/authorize.c

---

Diff:  https://github.com/kamailio/kamailio/commit/7fd6ca67616077fb8aab4a279c8b251de94b4a95.diff
Patch: https://github.com/kamailio/kamailio/commit/7fd6ca67616077fb8aab4a279c8b251de94b4a95.patch

---

diff --git a/src/modules/auth_ephemeral/authorize.c b/src/modules/auth_ephemeral/authorize.c
index 745f12d7ab..a70d451814 100644
--- a/src/modules/auth_ephemeral/authorize.c
+++ b/src/modules/auth_ephemeral/authorize.c
@@ -511,8 +511,9 @@ int ki_autheph_authenticate(sip_msg_t *_m, str *susername, str *spassword)
 		{
 			LM_DBG("generated password: %.*s\n",
 				sgenerated_password.len, sgenerated_password.s);
-			if (strncmp(spassword->s, sgenerated_password.s,
-					spassword->len) == 0)
+			if (spassword->len == sgenerated_password.len
+					&& strncmp(spassword->s, sgenerated_password.s,
+						spassword->len) == 0)
 			{
 				SECRET_UNLOCK;
 				return AUTH_OK;




More information about the sr-dev mailing list