[6077] in bugtraq

Re: imapd/ipop3d coredump - the patch.

daemon@ATHENA.MIT.EDU (Michael Douglass)
Thu Feb 5 13:53:51 1998

Date: 	Thu, 5 Feb 1998 11:42:31 -0600
Reply-To: Michael Douglass <mikedoug@TEXAS.NET>
From: Michael Douglass <mikedoug@TEXAS.NET>
X-To:         "raf@licj..... (Bugtraq Mirror)" <bugtraq@LICJ.SOROSCJ.RO>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.3.96.980205092902.18156A-100000@licj.soroscj.ro>; from
              raf@licj..... (Bugtraq Mirror) on Thu, Feb 05,
              1998 at 09:45:38AM +0200

On Thu, Feb 05, 1998 at 09:45:38AM +0200, raf@licj..... (Bugtraq Mirror) said:

> -  if (!(pw && pw->pw_uid)) return NIL;

> +  if (!(pw)) return NIL;
> +  if (!(pw->pw_uid)) return NIL;
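
Review bot: the two added checks, !(pw) and !(pw->pw_uid), reject exactly the same cases as the removed !(pw && pw->pw_uid), because && short-circuits and pw->pw_uid was never read when pw was null, so this hunk changes no behaviour. If the split is kept for readability, drop the redundant parentheses and put a comment on each line saying what it rejects (failed lookup on the first, uid 0 on the second), so the uid 0 denial is documented rather than implied.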

> ... why do we need "optimisations" when authenticating users ???? :)
> and btw: in original version root was still able to log in...

You are very incorrect here.  Both your version and the original
version do the exact same thing:  If pw = valid_addr && pw->pw_uid
= 0 then it would return NIL; which would deny root.

However, the _readable_ way to write this would be:

if( !pw || !pw->pw_uid ) return NIL;

This stops if pw is not valid or if pw->pw_uid is 0.  This is exactly
the same as the first statement since:

!(A && B)  == !A || !B

...only much more readable.

--
Michael Douglass
Texas Networking, Inc.

<tnet admin> anyway, I'm off, perl code is making me [a] crosseyed toady