diff options
author | Jim Mock <jim@FreeBSD.org> | 2001-03-28 20:51:19 +0000 |
---|---|---|
committer | Jim Mock <jim@FreeBSD.org> | 2001-03-28 20:51:19 +0000 |
commit | 1096d5b2bd44332ce814c60c18e31c7e0d97869d (patch) | |
tree | 1f5e72ed1082356426f0677040979e09d4343856 | |
parent | Update to version 1.3 (diff) |
Fix the following from the PR:
First, teapop fails to authentificate user if he logs in without
specifying his domain (pop_auth calls pop_string_find and tests its
result against being NULL, while NULL is returned only upon malloc()
failures. On empty domain logins pop_string_find returns empty
string). This makes APOP login method to always fail as teapop
erroneously interprets command APOP avn
d41d8cd98f00b204e9800998ecf8427e as an attempt of login for user
avn@d41d8cd98f00b204e9800998ecf8427e without supplying MD5 hash
value. Instead, return value should be tested against being empty
string, while positive test for NULL should cause pop3 server error
message to be printed.
Second, if configured with WITHOUT_APOP arguments to 'make install',
teapop incorrectly handles QUIT command while in authentification
state. It's because a part of switch statement became commented out
and there will be no branch for return value from
pop_wait_for_commands with command "QUIT" (it will return 3, not 4
when configured without APOP).
PR: 26181
Submitted by: Alexey V. Neyman <avn@any.ru>
-rw-r--r-- | mail/teapop-devel/files/patch-ab | 30 | ||||
-rw-r--r-- | mail/teapop/files/patch-ab | 30 |
2 files changed, 60 insertions, 0 deletions
diff --git a/mail/teapop-devel/files/patch-ab b/mail/teapop-devel/files/patch-ab new file mode 100644 index 000000000000..aad97bbbecfe --- /dev/null +++ b/mail/teapop-devel/files/patch-ab @@ -0,0 +1,30 @@ +--- teapop/pop_auth.c.orig Mon Nov 13 02:03:11 2000 ++++ teapop/pop_auth.c Wed Mar 28 23:58:33 2001 +@@ -111,7 +111,11 @@ + #endif /* ALLOW_APOP */ + pop_cmd_capa(NULL, pinfo); + continue; ++#ifdef ALLOW_APOP + case 4: ++#else ++ case 3: ++#endif /* ALLOW_APOP */ + return 1; + } + /* If we get this far we have a good USER or APOP */ +@@ -158,7 +162,14 @@ + + #ifdef VPOP + ptr = pop_string_find(pinfo->userid, DIVIDERS); +- if (ptr != NULL) { ++ if (ptr == NULL) { ++ syslog(LOG_ERR, "pop_auth: malloc failure"); ++ pop_socket_send(pinfo->out, "%s %s", POP_ERR, ++ POP_WRONG); ++ exit(0); ++ } ++ if (*ptr != '\0') { ++ /* domain delimiters found */ + strcpy(pinfo->domain, ptr+1); + *ptr = '\0'; + } else diff --git a/mail/teapop/files/patch-ab b/mail/teapop/files/patch-ab new file mode 100644 index 000000000000..aad97bbbecfe --- /dev/null +++ b/mail/teapop/files/patch-ab @@ -0,0 +1,30 @@ +--- teapop/pop_auth.c.orig Mon Nov 13 02:03:11 2000 ++++ teapop/pop_auth.c Wed Mar 28 23:58:33 2001 +@@ -111,7 +111,11 @@ + #endif /* ALLOW_APOP */ + pop_cmd_capa(NULL, pinfo); + continue; ++#ifdef ALLOW_APOP + case 4: ++#else ++ case 3: ++#endif /* ALLOW_APOP */ + return 1; + } + /* If we get this far we have a good USER or APOP */ +@@ -158,7 +162,14 @@ + + #ifdef VPOP + ptr = pop_string_find(pinfo->userid, DIVIDERS); +- if (ptr != NULL) { ++ if (ptr == NULL) { ++ syslog(LOG_ERR, "pop_auth: malloc failure"); ++ pop_socket_send(pinfo->out, "%s %s", POP_ERR, ++ POP_WRONG); ++ exit(0); ++ } ++ if (*ptr != '\0') { ++ /* domain delimiters found */ + strcpy(pinfo->domain, ptr+1); + *ptr = '\0'; + } else |