[6072] in bugtraq
imapd/ipop3d coredump - the patch.
daemon@ATHENA.MIT.EDU (raf@licj..... (Bugtraq Mirror))
Thu Feb 5 11:25:32 1998
Date: Thu, 5 Feb 1998 09:45:38 +0200
Reply-To: "raf@licj..... (Bugtraq Mirror)" <bugtraq@LICJ.SOROSCJ.RO>
From: "raf@licj..... (Bugtraq Mirror)" <bugtraq@LICJ.SOROSCJ.RO>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.980202000721.11156C-100000@zopie.attic.vuurwerk.nl>
The patch corrects the coredump error in both imapd and ipop3d (the pine
version of pop3 server). Patch is against pine 3.96:
root@feu:~/src/pine3.96/imap/ANSI/c-client# diff -ru log_lnx.c.orig
log_lnx.c
--- log_lnx.c.orig Tue May 2 00:08:20 1995
+++ log_lnx.c Thu Feb 5 08:49:31 1998
@@ -55,7 +55,8 @@
/* allow case-independent match */
if (!pw) pw = getpwnam (lcase (strcpy (tmp,user)));
/* no entry for this user or root */
- if (!(pw && pw->pw_uid)) return NIL;
+ if (!(pw)) return NIL;
+ if (!(pw->pw_uid)) return NIL;
if(!(spw = getspnam (pw->pw_name))) return NIL;
/* validate password */
if (strcmp (spw->sp_pwdp,(char *) pw_encrypt(pass,spw->sp_pwdp))) return NIL;
root@feu:~/src/pine3.96/imap/ANSI/c-client#
... why do we need "optimisations" when authentificating users ???? :)
and btw: in original version root was still able to log in...
---
Radu-Adrian Feurdean
