If the backend server in a murder advertises no mechanisms in its
capability string (say, if it's expecting a STARTTLS before offering
PLAIN), the proxyd will seg fault. This is due to an xstrdup call on
a NULL pointer (as returned from backend.c:ask_capability()). This
patch simply checks for the NULL condition and replaces it with an
empty string.
Bug submitted with patch as 3166.
https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3166
Michael Bacon
ITS Messaging
UNC Chapel Hill
--- backend.c.1off Sun Jul 5 23:35:47 2009
+++ backend.c Mon Jul 6 00:02:55 2009
@@ -457,8 +457,14 @@
if ((server[0] != '/') ||
(strcmp(prot->sasl_service, "lmtp") &&
strcmp(prot->sasl_service, "csync"))) {
- char *mlist = xstrdup(mechlist); /* backend_auth is
destructive */
+ char *mlist;
+ if (mechlist != NULL) {
+ mlist = xstrdup(mechlist); /* backend_auth is destructive */
+ } else {
+ mlist = xstrdup("");
+ }
+
if ((r = backend_authenticate(ret, prot, &mlist, userid,
cb, auth_status))) {
syslog(LOG_ERR, "couldn't authenticate to backend server:
%s",
