I've included a replacement for patch-saslauthd_auth_getpwent_c. If crypt()
fails
(because the pw->pw_passwd is "*") strcmp() fails when passed NULL. This is
happening
as my mail server is being probed for relay services. I have run this patch
for about
2 days without a problem where the original would loose a process within 2-3
hours (and
completely die within a day). I only use getpwent and have not examined the
other
methods for simular code.
Brad
*** saslauthd/auth_getpwent.c.orig Fri Oct 12 08:05:48 2012
--- saslauthd/auth_getpwent.c Sat Nov 18 14:28:47 2017
***************
*** 78,87 ****
/* VARIABLES */
struct passwd *pw; /* pointer to passwd file entry
*/
int errnum;
/* END VARIABLES */
errno = 0;
! pw = getpwnam(login);
errnum = errno;
endpwent();
--- 78,88 ----
/* VARIABLES */
struct passwd *pw; /* pointer to passwd file entry
*/
int errnum;
+ char *cr;
/* END VARIABLES */
errno = 0;
! pw = getpwnam_shadow(login);
errnum = errno;
endpwent();
***************
*** 105,111 ****
}
}
! if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password",
login);
}
--- 106,113 ----
}
}
! cr = crypt(password, pw->pw_passwd);
! if (cr == NULL || strcmp(pw->pw_passwd, (const char *)cr)) {
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password",
login);
}
