X-RDate: Fri, 06 Feb 1998 12:41:27 +0500 (ESK)
Date: Thu, 5 Feb 1998 09:45:38 +0200
From: "raf@licj..... (Bugtraq Mirror)" <[email protected]>
To: [email protected]Subject: imapd/ipop3d coredump - the patch.
The patch corrects the coredump error in both imapd and ipop3d (the pine
version of pop3 server). Patch is against pine 3.96:
root@feu:~/src/pine3.96/imap/ANSI/c-client# diff -ru log_lnx.c.orig
log_lnx.c
--- log_lnx.c.orig Tue May 2 00:08:20 1995
+++ log_lnx.c Thu Feb 5 08:49:31 1998
@@ -55,7 +55,8 @@
/* allow case-independent match */
if (!pw) pw = getpwnam (lcase (strcpy (tmp,user)));
/* no entry for this user or root */
- if (!(pw && pw->pw_uid)) return NIL;
+ if (!(pw)) return NIL;
+ if (!(pw->pw_uid)) return NIL;
if(!(spw = getspnam (pw->pw_name))) return NIL;
/* validate password */
if (strcmp (spw->sp_pwdp,(char *) pw_encrypt(pass,spw->sp_pwdp))) return NIL;
root@feu:~/src/pine3.96/imap/ANSI/c-client#
... why do we need "optimisations" when authentificating users ???? :)
and btw: in original version root was still able to log in...
---
Radu-Adrian Feurdean
