$OpenBSD: patch-src_http_auth_c,v 1.7 2013/04/26 07:21:40 sthen Exp $

http://redmine.lighttpd.net/issues/2483

--- src/http_auth.c.orig	Wed Apr 24 20:34:34 2013
+++ src/http_auth.c	Wed Apr 24 21:23:34 2013
@@ -645,49 +645,13 @@ static int http_auth_basic_password_compare(server *sr
 			return (strcmp(sample, password->ptr) == 0) ? 0 : 1;
 		} else {
 #ifdef HAVE_CRYPT
-		char salt[32];
 		char *crypted;
-		size_t salt_len = 0;
-		/*
-		 * htpasswd format
-		 *
-		 * user:crypted password
-		 */
 
-		/*
-		 *  Algorithm      Salt
-		 *  CRYPT_STD_DES   2-character (Default)
-		 *  CRYPT_EXT_DES   9-character
-		 *  CRYPT_MD5       12-character beginning with $1$
-		 *  CRYPT_BLOWFISH  16-character beginning with $2$
-		 */
-
 		if (password->used < 13 + 1) {
 			return -1;
 		}
 
-		if (password->used == 13 + 1) {
-			/* a simple DES password is 2 + 11 characters */
-			salt_len = 2;
-		} else if (password->ptr[0] == '$' && password->ptr[2] == '$') {
-			char *dollar = NULL;
-
-			if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
-				return -1;
-			}
-
-			salt_len = dollar - password->ptr;
-		}
-
-		if (salt_len > sizeof(salt) - 1) {
-			return -1;
-		}
-
-		strncpy(salt, password->ptr, salt_len);
-
-		salt[salt_len] = '\0';
-
-		crypted = crypt(pw, salt);
+		crypted = crypt(pw, password->ptr);
 
 		if (0 == strcmp(password->ptr, crypted)) {
 			return 0;
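Review bot: The result of the new `crypted = crypt(pw, password->ptr);` is passed to strcmp() two lines later without a NULL check. crypt() is allowed to return NULL on error, for example when the stored entry uses a scheme or salt format the platform's libc rejects. Now that the whole stored string is handed over as the setting, a malformed or unsupported htpasswd entry would crash the worker in the authentication path instead of failing the login. Guard the comparison with `if (NULL != crypted && 0 == strcmp(password->ptr, crypted)) {` so that a failed crypt() counts as a mismatch. A one-line comment such as `/* crypt() takes scheme and salt from the stored hash itself */` would also record why the hand-rolled salt parsing was removed; the function body begins and ends outside this hunk.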
