Origninator: Chris Forrest
Synopsis: anonymous, SOLARIS, crypt passed NULL, bye bye CVS
>Release: cvs-1.10
>Environment:
<machine, os, target, libraries (multiple lines)>
System: SunOS zeus 5.6 Generic_105181-15 sun4u sparc
SUNW,Ultra-Enterprise
Architecture: sun4
>Description:
To whom it may concern-
I hate to put in a dumb bug that has probably been fixed, however it
appears that there is a problem (either in documentation, or in code).
1. Documentation bug maybe(?)
Within the CVS documentation supplied at the following
web site : http://www.cvshome.org/docs/manual/cvs_2.html#SEC26 ,
it states " CVS username, optional password, ".
It later states "The first line in the example [anonymous]
will grant access ... no matter what password they use,
including an empty password.
BUG: Is this correct? If so, then read on. Else bug
2. Anonymous access test
I tried logging into the above machine remotely using the
anonymous: line within CVSROOT/passwd. Within
pserver_authenticate_connection (), check_password() is called.
Within check_password(), check_repository_password() is called.
Within check_repository_password(), the anonymous username is
found..
The found_password variable is NULL! (since there is nothing after
the optional password). found_password is passed directly into
crypt() which causes a SEGFAULT.
I do not know if this is a problem with crypt, however it
appears that crypt doesn't like NULL parameters. Therefore this
is a bug (in the case that item #1 is correct).
I tried looking for information, (even checked newsgroups), however no
information about this. So, I am reporting this as a bug.
Hope I am not repeating work.. Sorry,
Chris Forrest
