In the MySQL authentication daemon there are a few calls to strdup on
unchecked strings - this causes SIGSEGVs if those fields are empty in
the database.

This fix is very crude, all it does is check for NULLs before calling
strdup. I'm setting ui.fullname to the NULL string because I haven't
looked at the calling code to see how it would react to a NULL pointer
- that strdup should maybe be replaced by a NULL.

Neither have I looked at why ui.quota needs to be set (even if only to
a NULL string) - gut instinct tells me it should be allowed to be a
NULL pointer if quotas are not in use.

I expect the ui.uid and ui.gid fields are used to set the uid and gid
of the pop3-daemon while accessing the mailboxes. There might be a
problem there as atol will return 0 (zero) on all failures, so the
daemons will access the mailboxes as root (unless there are safeguards
elsewhere). This may not be a problem, but it may also not be what
you want - I suggest replacing the calls to atol with strtol, which
has error-checking, and can deny the login. (I was bitten by this
today when upgrading to 0.41.0, which uses a different field-ordering
in the MYSQL_SELECT_CLAUSE - while the comments in the authmysqlrc-file
are ambiguous, as both the old and new format are mentioned as legal)
--- authmysqllib.c.orig 2003-01-26 22:21:05.000000000 +0100
+++ authmysqllib.c 2003-03-02 01:40:43.000000000 +0100
@@ -743,33 +743,48 @@
if (mysql_num_rows(result))
{
row = mysql_fetch_row (result);
+
+ if(!row[0] || !row[1] || !row[5] ||
+ !row[6] || !row[7])
+ {
+ mysql_free_result(result);
+ return(0);
+ }
+
ui.username=strdup(row[0]);
ui.cryptpw=strdup(row[1]);
- ui.clearpw=strdup(row[2]);
+
+ if(!row[2])
+ ui.clearpw = NULL;
+ else
+ ui.clearpw=strdup(row[2]);
+
ui.uid=atol(row[3]);
ui.gid=atol(row[4]);
ui.home=strdup(row[5]);
ui.maildir=strdup(row[6]);
ui.quota=strdup(row[7]);
- ui.fullname=strdup(row[8]);
- if (!ui.username || !ui.cryptpw ||
- !ui.home || !ui.maildir ||
- !ui.quota)
- {
- mysql_free_result(result);
- return (0);
- }
- if (!ui.cryptpw[0])
+ if(!row[8])
+ ui.fullname = strdup("\0");
+ else
+ ui.fullname=strdup(row[8]);
+
+ if (ui.cryptpw && !ui.cryptpw[0])
{
free(ui.cryptpw);
- ui.cryptpw=0;
+ ui.cryptpw = NULL;
}
- if (!ui.clearpw[0])
+ if (ui.clearpw && !ui.clearpw[0])
{
free(ui.clearpw);
- ui.clearpw=0;
+ ui.clearpw = NULL;
}
}
mysql_free_result(result);
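Review bot: row[3] and row[4] are missing from the new NULL guard at the top of the hunk, yet they are still passed straight to atol() in "ui.uid=atol(row[3]);" and "ui.gid=atol(row[4]);", so a NULL uid or gid column is dereferenced just as the unchecked strdup() arguments were. Add "!row[3] || !row[4]" to the guard, and consider parsing both with strtol() so that a non-numeric value denies the login instead of silently becoming 0. The hunk also removes the post-strdup check "if (!ui.username || !ui.cryptpw || ..." without a replacement, so a failed strdup() for username, home, maildir or quota is no longer detected; the later "ui.cryptpw && ..." and "ui.clearpw && ..." tests only protect the two password fields. Minor: strdup("\0") is equivalent to strdup("") and the latter reads more clearly.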
--
Håvard Lygre, [EMAIL PROTECTED]
BLUG: http://blug.linux.no/ RFC1149: http://blug.linux.no/rfc1149/
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
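An added example, not part of the original message or of Courier's source: one way to do the strtol-based check the message suggests for the uid and gid columns, so that a NULL, empty or non-numeric value denies the login instead of becoming 0. The names parse_id and min_id are hypothetical, and the sample column values are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not in authmysqllib.c): parse a uid/gid column.
 * Returns 0 and stores the value in *out on success, -1 if the login
 * should be denied. min_id is an assumed policy floor; pass 1 to
 * refuse uid/gid 0. */
static int parse_id(const char *s, long min_id, long *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')        /* SQL NULL or empty column */
        return -1;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0')       /* no digits, or trailing junk */
        return -1;
    if (errno == ERANGE)                /* value does not fit in a long */
        return -1;
    if (v < min_id || v > INT_MAX)      /* negative, below floor, too big */
        return -1;

    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed column values; "/var/mail/joe" stands for a path that
     * lands in the uid column after a field-ordering change. */
    const char *samples[] = { "1001", "0", "", "/var/mail/joe", "12abc",
                              "-5", "99999999999999999999999", NULL };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long id = -1;
        int rc = parse_id(samples[i], 1, &id);
        printf("%-26s %s\n", samples[i] ? samples[i] : "(NULL)",
               rc == 0 ? "ok" : "deny login");
    }
    return 0;
}
```

atol() would turn the empty string and the path into 0; here only "1001" is accepted.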