[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug in pop3d/user.c, imap4d/login.c
From: |
Sergey Poznyakoff |
Subject: |
bug in pop3d/user.c, imap4d/login.c |
Date: |
Wed, 23 May 2001 14:24:37 +0300 |
Hello,
Both sources attempt to dereference the return value of getpwnam()
without checking for NULL. The grief occurs when pam_authenticate
returns Ok, but the user is not in the system password database.
ChangeLog:
* pop3d/user.c, imap4d/login.c: check for NULL return
from getpwnam()
Patch:
Index: imap4d/login.c
===================================================================
RCS file: /cvs/mailutils/imap4d/login.c,v
retrieving revision 1.14
diff -p -u -r1.14 login.c
--- imap4d/login.c 2001/05/13 04:10:54 1.14
+++ imap4d/login.c 2001/05/23 10:41:25
@@ -101,9 +101,11 @@ imap4d_login (struct imap4d_command *com
return util_finish (command, RESP_NO, "Too many args");
pw = getpwnam (username);
+ if (pw == NULL)
+ return util_finish (command, RESP_NO, "User name or passwd rejected");
#ifndef USE_LIBPAM
- if (pw == NULL || pw->pw_uid < 1)
+ if (pw->pw_uid < 1)
return util_finish (command, RESP_NO, "User name or passwd rejected");
if (strcmp (pw->pw_passwd, (char *)crypt (pass, pw->pw_passwd)))
{
Index: pop3d/user.c
===================================================================
RCS file: /cvs/mailutils/pop3d/user.c,v
retrieving revision 1.16
diff -p -u -r1.16 user.c
--- pop3d/user.c 2001/05/20 02:37:38 1.16
+++ pop3d/user.c 2001/05/23 10:41:55
@@ -134,8 +134,12 @@ pop3d_user (const char *arg)
#endif
pw = getpwnam (arg);
+ if (pw == NULL) {
+ syslog (LOG_INFO, "User '%s': unexistent user", arg);
+ return ERR_BAD_LOGIN;
+ }
#ifndef USE_LIBPAM
- if (pw == NULL || pw->pw_uid < 1)
+ if (pw->pw_uid < 1)
return ERR_BAD_LOGIN;
if (strcmp (pw->pw_passwd, (char *)crypt (pass, pw->pw_passwd)))
{
@@ -177,7 +181,7 @@ pop3d_user (const char *arg)
}
#endif /* USE_LIBPAM */
- if (pw != NULL && pw->pw_uid > 1)
+ if (pw->pw_uid > 1)
setuid (pw->pw_uid);
mailbox_name = calloc (strlen (_PATH_MAILDIR) + 1
Cheers,
Sergey
- bug in pop3d/user.c, imap4d/login.c,
Sergey Poznyakoff <=