Patch from Sergey.
Showing
4 changed files
with
20 additions
and
4 deletions
| 1 | 2001-05-23 Sergey Poznyakoff | ||
| 2 | |||
| 3 | * pop3d/user.c: check for NULL return from getpwnam() | ||
| 4 | * imap4d/login.c: Likewised. | ||
| 5 | |||
| 1 | 2001-05-21 Alain Magloire | 6 | 2001-05-21 Alain Magloire |
| 2 | 7 | ||
| 3 | GNU md5 is GPL, but we agreed that the libraries should | 8 | GNU md5 is GPL, but we agreed that the libraries should | ... | ... |
| ... | @@ -101,9 +101,11 @@ imap4d_login (struct imap4d_command *command, char *arg) | ... | @@ -101,9 +101,11 @@ imap4d_login (struct imap4d_command *command, char *arg) |
| 101 | return util_finish (command, RESP_NO, "Too many args"); | 101 | return util_finish (command, RESP_NO, "Too many args"); |
| 102 | 102 | ||
| 103 | pw = getpwnam (username); | 103 | pw = getpwnam (username); |
| 104 | if (pw == NULL) | ||
| 105 | return util_finish (command, RESP_NO, "User name or passwd rejected"); | ||
| 104 | 106 | ||
| 105 | #ifndef USE_LIBPAM | 107 | #ifndef USE_LIBPAM |
| 106 | if (pw == NULL || pw->pw_uid < 1) | 108 | if (pw->pw_uid < 1) |
| 107 | return util_finish (command, RESP_NO, "User name or passwd rejected"); | 109 | return util_finish (command, RESP_NO, "User name or passwd rejected"); |
| 108 | if (strcmp (pw->pw_passwd, (char *)crypt (pass, pw->pw_passwd))) | 110 | if (strcmp (pw->pw_passwd, (char *)crypt (pass, pw->pw_passwd))) |
| 109 | { | 111 | { | ... | ... |
| ... | @@ -396,7 +396,7 @@ static int | ... | @@ -396,7 +396,7 @@ static int |
| 396 | mbox_close (mailbox_t mailbox) | 396 | mbox_close (mailbox_t mailbox) |
| 397 | { | 397 | { |
| 398 | mbox_data_t mud = mailbox->data; | 398 | mbox_data_t mud = mailbox->data; |
| 399 | size_t i; | 399 | /* size_t i; */ |
| 400 | 400 | ||
| 401 | if (mud == NULL) | 401 | if (mud == NULL) |
| 402 | return EINVAL; | 402 | return EINVAL; |
| ... | @@ -407,6 +407,9 @@ mbox_close (mailbox_t mailbox) | ... | @@ -407,6 +407,9 @@ mbox_close (mailbox_t mailbox) |
| 407 | locker_unlock (mailbox->locker); | 407 | locker_unlock (mailbox->locker); |
| 408 | 408 | ||
| 409 | #if 0 | 409 | #if 0 |
| 410 | /* RFC: I'm not sure on the right approach especially if the client is | ||
| 411 | working in disconnected mode, where it can mailbox_close/mailbox_open | ||
| 412 | for each request, maybe we should keep them for a while. */ | ||
| 410 | monitor_wrlock (mailbox->monitor); | 413 | monitor_wrlock (mailbox->monitor); |
| 411 | /* Before closing we need to remove all the messages | 414 | /* Before closing we need to remove all the messages |
| 412 | - to reclaim the memory | 415 | - to reclaim the memory | ... | ... |
| ... | @@ -134,8 +134,14 @@ pop3d_user (const char *arg) | ... | @@ -134,8 +134,14 @@ pop3d_user (const char *arg) |
| 134 | #endif | 134 | #endif |
| 135 | 135 | ||
| 136 | pw = getpwnam (arg); | 136 | pw = getpwnam (arg); |
| 137 | if (pw == NULL) | ||
| 138 | { | ||
| 139 | syslog (LOG_INFO, "User '%s': nonexistent", arg); | ||
| 140 | return ERR_BAD_LOGIN; | ||
| 141 | } | ||
| 142 | |||
| 137 | #ifndef USE_LIBPAM | 143 | #ifndef USE_LIBPAM |
| 138 | if (pw == NULL || pw->pw_uid < 1) | 144 | if (pw->pw_uid < 1) |
| 139 | return ERR_BAD_LOGIN; | 145 | return ERR_BAD_LOGIN; |
| 140 | if (strcmp (pw->pw_passwd, (char *)crypt (pass, pw->pw_passwd))) | 146 | if (strcmp (pw->pw_passwd, (char *)crypt (pass, pw->pw_passwd))) |
| 141 | { | 147 | { |
| ... | @@ -177,7 +183,7 @@ pop3d_user (const char *arg) | ... | @@ -177,7 +183,7 @@ pop3d_user (const char *arg) |
| 177 | } | 183 | } |
| 178 | #endif /* USE_LIBPAM */ | 184 | #endif /* USE_LIBPAM */ |
| 179 | 185 | ||
| 180 | if (pw != NULL && pw->pw_uid > 1) | 186 | if (pw->pw_uid > 1) |
| 181 | setuid (pw->pw_uid); | 187 | setuid (pw->pw_uid); |
| 182 | 188 | ||
| 183 | mailbox_name = calloc (strlen (_PATH_MAILDIR) + 1 | 189 | mailbox_name = calloc (strlen (_PATH_MAILDIR) + 1 | ... | ... |
-
Please register or sign in to post a comment