From a25d3a4b63e1d8c53239bd715e291da908aee399 Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)" <jmp@safe.ca>
Date: Tue, 8 Jul 2025 18:46:53 -0400
Subject: [PATCH] Double checked authentication with crypted password OK

---
 lib/lvleml.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/lib/lvleml.c b/lib/lvleml.c
index 0702fdc..edf8f26 100644
--- a/lib/lvleml.c
+++ b/lib/lvleml.c
@@ -400,12 +400,22 @@ while (proceed==true) {
         if (givenpass!=(char *)0) 
           *rmtpass=strdup(givenpass);
         if (usr->passwd[0]=='$') {
-          if ((givenpass=crypt(givenpass,usr->passwd))==(char *)0) {
-            (void) rou_alert(0,"%s Trouble to crypt (Bug?) pass=<%s> "
-                               "user=<%s> (error=<%s>)",
-                                OPEP,givenpass,usr->passwd,strerror(errno));
-            givenpass=data[2];      //trying to overcome
+          char *ptr;
+          char idsalt[100];
+         
+          (void) memset(idsalt,'\000',sizeof(idsalt));
+          (void) strncpy(idsalt,usr->passwd,sizeof(idsalt)-1);
+          if ((ptr=strrchr(idsalt,'$'))!=(char *)0) {
+            ptr++;
+            *ptr='\000';
             }
+          if ((ptr=crypt(givenpass,idsalt))==(char *)0) {
+            (void) rou_alert(0,"%s Trouble to crypt (Bug?) givenpass=<%s> "
+                               "salt=<%s> (error=<%s>)",
+                                OPEP,givenpass,idsalt,strerror(errno));
+            ptr=data[2]; //trying to overcome
+            }
+          givenpass=ptr;
           }
         isok=(strcmp(givenpass,usr->passwd)==0);
         usr=sql_freeusr(usr);
-- 
2.47.3