In vchkpw, you can statically compile in a list of IP addresses that are
to be treated as webmail connections for auth purposes.  However, the
traversal of the list do es a loop based on dividing the size of the
entire array by the size of the first element in the array.  Since IP
addresses can be anywhere from 8 characters (A.B.C.D\0) to 16 characters
(AAA.BBB.CCC.DDD\0), this makes it likely that any added addresses will
cause some sort of segfault, especially if several large (character-wise)
addresses are added (since the default, "" is only 10
characters).  This patch fixes it by NULL-terminating the list of strings,
and using that fact for bounds-checking in the for loop...

This bug has been present since at least 5.4.13, but my guess is that so
few people use this feature (I didn't even know about it until I was
walking the code earlier today checking on the connection types!) that
it's not likely to be hit very often.  Still, it's a bug, and so this
patch... :)  Also uploaded to SourceForge as bug #1630944.

Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
  - Layman's translation of the Laws of Thermodynamics

Reply via email to