|
|
@@ -17,6 +17,7 @@ import "C"
|
|
|
|
|
|
// EPasswordIncorrect is a password verification failure error
|
|
|
var EPasswordIncorrect = errors.New("passwords do not match")
|
|
|
+var EBadPasswordFormat = errors.New("bad password format")
|
|
|
|
|
|
// Crypt wraps C library crypt_r
|
|
|
func Crypt(Password, Salt string) (*string, error) {
|
|
|
@@ -54,6 +55,9 @@ func CompareHashAndPassword(Hash, Password string) error {
|
|
|
}
|
|
|
// Split salt from password
|
|
|
HashItems := strings.SplitN(Hash, "$", 4)
|
|
|
+ if len(HashItems) < 3 {
|
|
|
+ return EBadPasswordFormat
|
|
|
+ }
|
|
|
Salt := "$" + HashItems[1] + "$" + HashItems[2] + "$"
|
|
|
|
|
|
hash, err := Crypt(Password, Salt)
|
Bozhin Zafirov