--- auth_mysql.c.orig	Mon Feb  4 11:42:28 2002
+++ auth_mysql.c	Mon Feb  4 11:42:52 2002
@@ -566,11 +566,11 @@
                             log_print(LOG_ERR, _("auth_mysql_new_user_pass: address@hidden has password type mysql, but hash is of incorrect length %d"), local_part, domain, n);
                             break;
                     }
-                } else if (strncmp(pwhash, "{md5}", 4) == 0 || *pwhash != '{') {
+                } else if (strncmp(pwhash, "{md5}", 5) == 0 || *pwhash != '{') {
                     /* Straight MD5 password. But this might be either in hex
                      * or base64 encoding. */
                     if (*pwhash == '{')
-                        pwhash += 4;
+                        pwhash += 5;
 
                     if (strlen(pwhash) == 32) {
                         /* Hex. */