Sam Varshavchik <[EMAIL PROTECTED]> writes:
> H�vard Lygre writes:
>
>> This fix is very crude, all it does is check for NULLs before calling
>
> Your patch is broken.
>
> $ patch --dry-run -p0 </tmp/p
> patching file authmysqllib.c
> patch: **** malformed patch at line 89:
OK, I'll try again - same patch.
Just in case, it's available at
<url:http://www.lygre.org/courier-cvs-mysql-patch.diff> as well.
Applies cleanly to both CVS and courier-imap 1.7.0.
--- authmysqllib.c.orig 2003-01-26 22:21:05.000000000 +0100
+++ authmysqllib.c 2003-03-02 01:40:43.000000000 +0100
@@ -743,33 +743,48 @@
if (mysql_num_rows(result))
{
row = mysql_fetch_row (result);
+
+ if(!row[0] || !row[1] || !row[5] ||
+ !row[6] || !row[7])
+ {
+ mysql_free_result(result);
+ return(0);
+ }
+
ui.username=strdup(row[0]);
ui.cryptpw=strdup(row[1]);
- ui.clearpw=strdup(row[2]);
+
+ if(!row[2])
+ ui.clearpw = NULL;
+ else
+ ui.clearpw=strdup(row[2]);
+
+ /* TODO: atol returns zero on any failures, setting
+ * uid/gid to root/root(wheel,toor,whatever)
+ * This may not be what you want. Suggest replacing
+ * with strtol for error-checking.
+ */
ui.uid=atol(row[3]);
ui.gid=atol(row[4]);
ui.home=strdup(row[5]);
ui.maildir=strdup(row[6]);
ui.quota=strdup(row[7]);
- ui.fullname=strdup(row[8]);
- if (!ui.username || !ui.cryptpw ||
- !ui.home || !ui.maildir ||
- !ui.quota)
- {
- mysql_free_result(result);
- return (0);
- }
- if (!ui.cryptpw[0])
+ if(!row[8])
+ ui.fullname = strdup("\0");
+ else
+ ui.fullname=strdup(row[8]);
+
+ if (ui.cryptpw && !ui.cryptpw[0])
{
free(ui.cryptpw);
- ui.cryptpw=0;
+ ui.cryptpw = NULL;
}
- if (!ui.clearpw[0])
+ if (ui.clearpw && !ui.clearpw[0])
{
free(ui.clearpw);
- ui.clearpw=0;
+ ui.clearpw = NULL;
}
}
mysql_free_result(result);
--
H�vard Lygre, [EMAIL PROTECTED]
BLUG: http://blug.linux.no/ RFC1149: http://blug.linux.no/rfc1149/
