From 1096d5b2bd44332ce814c60c18e31c7e0d97869d Mon Sep 17 00:00:00 2001 From: Jim Mock Date: Wed, 28 Mar 2001 20:51:19 +0000 Subject: Fix the following from the PR: First, teapop fails to authentificate user if he logs in without specifying his domain (pop_auth calls pop_string_find and tests its result against being NULL, while NULL is returned only upon malloc() failures. On empty domain logins pop_string_find returns empty string). This makes APOP login method to always fail as teapop erroneously interprets command APOP avn d41d8cd98f00b204e9800998ecf8427e as an attempt of login for user avn@d41d8cd98f00b204e9800998ecf8427e without supplying MD5 hash value. Instead, return value should be tested against being empty string, while positive test for NULL should cause pop3 server error message to be printed. Second, if configured with WITHOUT_APOP arguments to 'make install', teapop incorrectly handles QUIT command while in authentification state. It's because a part of switch statement became commented out and there will be no branch for return value from pop_wait_for_commands with command "QUIT" (it will return 3, not 4 when configured without APOP). PR: 26181 Submitted by: Alexey V. Neyman --- mail/teapop-devel/files/patch-ab | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 mail/teapop-devel/files/patch-ab (limited to 'mail/teapop-devel/files/patch-ab') diff --git a/mail/teapop-devel/files/patch-ab b/mail/teapop-devel/files/patch-ab new file mode 100644 index 000000000000..aad97bbbecfe --- /dev/null +++ b/mail/teapop-devel/files/patch-ab @@ -0,0 +1,30 @@ +--- teapop/pop_auth.c.orig Mon Nov 13 02:03:11 2000 ++++ teapop/pop_auth.c Wed Mar 28 23:58:33 2001 +@@ -111,7 +111,11 @@ + #endif /* ALLOW_APOP */ + pop_cmd_capa(NULL, pinfo); + continue; ++#ifdef ALLOW_APOP + case 4: ++#else ++ case 3: ++#endif /* ALLOW_APOP */ + return 1; + } + /* If we get this far we have a good USER or APOP */ +@@ -158,7 +162,14 @@ + + #ifdef VPOP + ptr = pop_string_find(pinfo->userid, DIVIDERS); +- if (ptr != NULL) { ++ if (ptr == NULL) { ++ syslog(LOG_ERR, "pop_auth: malloc failure"); ++ pop_socket_send(pinfo->out, "%s %s", POP_ERR, ++ POP_WRONG); ++ exit(0); ++ } ++ if (*ptr != '\0') { ++ /* domain delimiters found */ + strcpy(pinfo->domain, ptr+1); + *ptr = '\0'; + } else -- cgit v1.2.3