The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


imapd/ipop3d coredump - the patch.


<< Previous INDEX Search src Set bookmark Go to bookmark Next >> 
X-RDate: Fri, 06 Feb 1998 12:41:27 +0500 (ESK)
Date: Thu, 5 Feb 1998 09:45:38 +0200
From: "raf@licj..... (Bugtraq Mirror)" <bugtraq@LICJ.SOROSCJ.RO>
To: BUGTRAQ@NETSPACE.ORG
Subject: imapd/ipop3d coredump - the patch.

The patch corrects the coredump error in both imapd and ipop3d (the pine
version of pop3 server). Patch is against pine 3.96:

root@feu:~/src/pine3.96/imap/ANSI/c-client# diff -ru log_lnx.c.orig
log_lnx.c
--- log_lnx.c.orig      Tue May  2 00:08:20 1995
+++ log_lnx.c   Thu Feb  5 08:49:31 1998
@@ -55,7 +55,8 @@
                                /* allow case-independent match */
   if (!pw) pw = getpwnam (lcase (strcpy (tmp,user)));
                                /* no entry for this user or root */
-  if (!(pw && pw->pw_uid)) return NIL;
+  if (!(pw)) return NIL;
+  if (!(pw->pw_uid)) return NIL;
   if(!(spw = getspnam (pw->pw_name))) return NIL;
                                /* validate password */
   if (strcmp (spw->sp_pwdp,(char *) pw_encrypt(pass,spw->sp_pwdp))) return NIL;
root@feu:~/src/pine3.96/imap/ANSI/c-client#

... why do we need "optimisations" when authentificating users ???? :)
and btw: in original version root was still able to log in...

---
Radu-Adrian Feurdean

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей 		Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру