On Wed, 4 Oct 2006, g wrote:

> while reusing the code in src/auths/pwcheck.c I noticed a potential
> problem in saslauthd_verify_password
> where towards the end you have:
>
>     *reply = daemon_reply;
>
> that should be, like all other assignments:
>
>     if (reply)
>         *reply = daemon_reply;
>
> I was hit by this while calling the function with a NULL reply.

As it happens, that function is never called with reply==NULL, but the
code ought to be consistent, so I'll fix it.

> I hope Philip you will not mind if I liberally take from that source
> to develop an apache mod_authnz_sasl module (for apache2). Almost done..

Not at all - and in any case this is not my original code. :-) You might
like to see what you make of the Carnegie-Mellon licence notice at the
top of the file.

<aside>
You can tell that this is not my code because I would have written
"if (reply != NULL)" rather than "if (reply)". I feel uncomfortable
assuming that NULL is the same as zero - even though every C system in
the world does it this way, I think. The standard says that NULL
"expands to an implementation-defined null pointer constant". It doesn't
say it has to be zero when cast to an int.

I only write "if (variable)" when the variable is known to be a Boolean
true/false value. Even for an integer I'd write "if (x != 0)". It's a
pity that C conflates Booleans and integers.
</aside>

--
Philip Hazel            University of Cambridge Computing Service
Get the Exim 4 book:    http://www.uit.co.uk/exim-book

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
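The inconsistency discussed in this thread (one unguarded write to an optional out-parameter among several guarded ones) can be avoided by routing every write through one helper. The following is an added example, not code from Exim or from either poster; `demo_verify_password`, `set_reply`, the `DEMO_*` codes and the simulated daemon strings are all hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical result codes; not Exim's own constants. */
enum { DEMO_OK = 0, DEMO_FAIL = 1, DEMO_BADPARAMS = 2 };

/* The only place the optional out-parameter is written. Callers that do
   not want the reply text pass reply == NULL, so the guard lives here
   once instead of being repeated (and possibly forgotten) at each site. */
static void set_reply(const char **reply, const char *text)
{
    if (reply != NULL)
        *reply = text;
}

/* Hypothetical stand-in for a verifier with several exit paths. The
   daemon's answer is simulated by the constructed string daemon_reply. */
int demo_verify_password(const char *user, const char *password,
                         const char *daemon_reply, const char **reply)
{
    set_reply(reply, NULL);            /* defined value on every path */

    if (user == NULL || password == NULL || daemon_reply == NULL) {
        set_reply(reply, "missing argument");
        return DEMO_BADPARAMS;
    }

    /* The final assignment is the kind the thread is about: it passes
       through the same guard as all the earlier ones. */
    set_reply(reply, daemon_reply);
    return (strncmp(daemon_reply, "OK", 2) == 0) ? DEMO_OK : DEMO_FAIL;
}
```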
