From e24ebd7cbd49641b5d853d3f335bdfee4f3dcb19 Mon Sep 17 00:00:00 2001
From: Enno Rehling
Date: Thu, 28 Feb 2019 10:32:08 +0100
Subject: [PATCH] do not fail on malformed passwords
---
 process/epasswd.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/process/epasswd.py b/process/epasswd.py
index 20109b9ba..496eb8331 100755
--- a/process/epasswd.py
+++ b/process/epasswd.py
@@ -69,7 +69,12 @@ class EPasswd:
 def check(self, id, passwd):
 pw = self.get_passwd(id)
 if pw[0:4]=='$2a$' or pw[0:4]=='$2y$':
- return bcrypt.checkpw(passwd.encode('utf8'), pw.encode('utf8'))
+ try:
+ h1 = pw.encode('utf8')
+ h2 = passwd.encode('utf8')
+ return bcrypt.checkpw(h1, h2)
+ except:
+ return False
 return pw == passwd
 def get_passwd(self, id):
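Review bot: The new call `bcrypt.checkpw(h1, h2)` passes its arguments in the opposite order from the line it replaces: `h1` is the stored hash `pw` and `h2` is the submitted `passwd`, while `checkpw` expects the candidate password first and the hash second. With this order the submitted string is used as the bcrypt hash, so a correct password will normally raise an invalid-salt `ValueError`, which the bare `except:` turns into `False`; every bcrypt login would then be rejected with no visible error. It also means the result is derived from the stored hash string rather than from the plaintext password, which weakens what the check proves about the caller. Restore the order with `return bcrypt.checkpw(passwd.encode('utf8'), pw.encode('utf8'))` and narrow the handler to `except ValueError:` so that unrelated failures (for example an `AttributeError` from a `None` password) are not silently reported as a wrong password.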