----- Original Message ----- 
To: "Tom Collins" <[EMAIL PROTECTED]>
Cc: "vpopmail list" <[EMAIL PROTECTED]>
Sent: Monday, September 15, 2003 6:09 PM
Subject: Re: [vchkpw] imap before smtp

> On Thu, Sep 11, 2003 at 01:40:02PM -0700, Tom Collins wrote:
> > >mr. varshavchik addressed this on the sqwebmail mailing list:
> >
> > >http://www.mail-archive.com/[EMAIL PROTECTED]/msg06068.html
> > >
> > >it's a lovely little rant.
> >
> > As of vpopmail 5.3.8, the buffers are cleared properly and the
> > authdaemon has worked just fine.  A beta 5.2.2 release is on
> > SourceForge with the same fix in place.
>   Is there any change between 5.3.5 and 5.3.8 that is relevant to this?
> It is not obvious from the ChangeLog.  I've been running 5.2.1 and
> authdaemon with just the parse_email() patch (I am the author of the
> patch) without any problems.  We have a very small installation though.
>   Also my patch doesn't clear the buffer, just making sure that the
> buffer is always terminated properly.  Let me know if I am missing
> something.

Hi Tim

Your updates to parse_email() that were included with vpopmail-5.3.5 is
definitely the solution to the courier problem

As you say, prior to your fix, the username string was not getting null
terminated correctly.

The incorrect null termination resulted in problems for courier-imap when
running --with-authdaemon. This is because authdaemon runs persistently,
rather than running once per auth request.

Typically the vpopmail code isnt run in a persistent fashion. The vpopmail
tools such as vchkpw (or courier-imap --without-authdaemon) only run once
per auth request, so the incorrect termination issue never really caused a
problem because the string buffers would always be created/initialised from
scratch for each auth.

But when you ran courier --with-authdaemon, the same string buffers being
used over and over again, and the incorrectly terminated username field
would result in auth failure as soon as a shorter username came through than
the previous username.


Reply via email to