Patch from Sergey.

+2001-05-23  Sergey Poznyakoff
+
+	* pop3d/user.c: check for NULL return from getpwnam()
+	* imap4d/login.c: Likewised.
+
 2001-05-21  Alain Magloire
 
 	GNU md5 is GPL, but we agreed that the libraries should

@@ -101,9 +101,11 @@ imap4d_login (struct imap4d_command *command, char *arg)
     return util_finish (command, RESP_NO, "Too many args");
 
   pw = getpwnam (username);
+  if (pw == NULL)
+    return util_finish (command, RESP_NO, "User name or passwd rejected");
 
 #ifndef USE_LIBPAM
-  if (pw == NULL || pw->pw_uid < 1)
+  if (pw->pw_uid < 1)
     return util_finish (command, RESP_NO, "User name or passwd rejected");
   if (strcmp (pw->pw_passwd, (char *)crypt (pass, pw->pw_passwd)))
     {

@@ -396,7 +396,7 @@ static int
 mbox_close (mailbox_t mailbox)
 {
   mbox_data_t mud = mailbox->data;
-  size_t i;
+  /* size_t i; */
 
   if (mud == NULL)
     return EINVAL;
@@ -407,6 +407,9 @@ mbox_close (mailbox_t mailbox)
   locker_unlock (mailbox->locker);
 
 #if 0
+  /* RFC: I'm not sure on the right approach especially if the client is
+     working in disconnected mode, where it can mailbox_close/mailbox_open
+     for each request, maybe we should keep them for a while.  */
   monitor_wrlock (mailbox->monitor);
   /* Before closing we need to remove all the messages
      - to reclaim the memory

@@ -134,8 +134,14 @@ pop3d_user (const char *arg)
 #endif
 
       pw = getpwnam (arg);
+      if (pw == NULL)
+	{
+	  syslog (LOG_INFO, "User '%s': nonexistent", arg);
+	  return ERR_BAD_LOGIN;
+	}
+
 #ifndef USE_LIBPAM
-      if (pw == NULL || pw->pw_uid < 1)
+      if (pw->pw_uid < 1)
 	return ERR_BAD_LOGIN;
       if (strcmp (pw->pw_passwd, (char *)crypt (pass, pw->pw_passwd)))
 	{
@@ -177,7 +183,7 @@ pop3d_user (const char *arg)
       }
 #endif /* USE_LIBPAM */
 
-      if (pw != NULL && pw->pw_uid > 1)
+      if (pw->pw_uid > 1)
 	setuid (pw->pw_uid);
 
       mailbox_name  = calloc (strlen (_PATH_MAILDIR) + 1