bug-mailutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug in pop3d/user.c, imap4d/login.c

From: Sergey Poznyakoff
Subject: bug in pop3d/user.c, imap4d/login.c
Date: Wed, 23 May 2001 14:24:37 +0300 
Hello,

Both sources attempt to dereference the return value of getpwnam()
without checking for NULL. The grief occurs when pam_authenticate
returns Ok, but the user is not in the system password database.

ChangeLog:
        * pop3d/user.c, imap4d/login.c: check for NULL return
          from getpwnam()

Patch:

Index: imap4d/login.c
===================================================================
RCS file: /cvs/mailutils/imap4d/login.c,v
retrieving revision 1.14
diff -p -u -r1.14 login.c
--- imap4d/login.c      2001/05/13 04:10:54     1.14
+++ imap4d/login.c      2001/05/23 10:41:25
@@ -101,9 +101,11 @@ imap4d_login (struct imap4d_command *com
     return util_finish (command, RESP_NO, "Too many args");
 
   pw = getpwnam (username);
+  if (pw == NULL)
+    return util_finish (command, RESP_NO, "User name or passwd rejected");
 
 #ifndef USE_LIBPAM
-  if (pw == NULL || pw->pw_uid < 1)
+  if (pw->pw_uid < 1)
     return util_finish (command, RESP_NO, "User name or passwd rejected");
   if (strcmp (pw->pw_passwd, (char *)crypt (pass, pw->pw_passwd)))
     {
Index: pop3d/user.c
===================================================================
RCS file: /cvs/mailutils/pop3d/user.c,v
retrieving revision 1.16
diff -p -u -r1.16 user.c
--- pop3d/user.c        2001/05/20 02:37:38     1.16
+++ pop3d/user.c        2001/05/23 10:41:55
@@ -134,8 +134,12 @@ pop3d_user (const char *arg)
 #endif
 
       pw = getpwnam (arg);
+      if (pw == NULL) {
+       syslog (LOG_INFO, "User '%s': unexistent user", arg);
+       return ERR_BAD_LOGIN;
+      }
 #ifndef USE_LIBPAM
-      if (pw == NULL || pw->pw_uid < 1)
+      if (pw->pw_uid < 1)
        return ERR_BAD_LOGIN;
       if (strcmp (pw->pw_passwd, (char *)crypt (pass, pw->pw_passwd)))
        {
@@ -177,7 +181,7 @@ pop3d_user (const char *arg)
       }
 #endif /* USE_LIBPAM */
 
-      if (pw != NULL && pw->pw_uid > 1)
+      if (pw->pw_uid > 1)
        setuid (pw->pw_uid);
 
       mailbox_name  = calloc (strlen (_PATH_MAILDIR) + 1


Cheers,
Sergey
reply via email to
[Prev in Thread] Current Thread [Next in Thread]