From owner-freebsd-ports Wed Mar 28 12:30:10 2001 Delivered-To: freebsd-ports@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 369FC37B71F for ; Wed, 28 Mar 2001 12:30:02 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f2SKU2C61989; Wed, 28 Mar 2001 12:30:02 -0800 (PST) (envelope-from gnats) Received: from ns.any.ru (ns.any.ru [194.67.127.11]) by hub.freebsd.org (Postfix) with ESMTP id E3CED37B71C for ; Wed, 28 Mar 2001 12:26:38 -0800 (PST) (envelope-from avn@ns.any.ru) Received: (from avn@localhost) by ns.any.ru (8.11.2/8.11.2) id f2SKQFx28988 for FreeBSD-gnats-submit@freebsd.org.AVP; Thu, 29 Mar 2001 00:26:15 +0400 (MSD) (envelope-from avn) Received: (from avn@localhost) by ns.any.ru (8.11.2/8.11.2) id f2SKQFD28979; Thu, 29 Mar 2001 00:26:15 +0400 (MSD) (envelope-from avn) Message-Id: <200103282026.f2SKQFD28979@ns.any.ru> Date: Thu, 29 Mar 2001 00:26:15 +0400 (MSD) From: "Alexey V. Neyman" Reply-To: avn@ns.any.ru To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: ports/26181: teapop port APOP support with virtual hosts, minor bugs Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 26181 >Category: ports >Synopsis: teapop port APOP support with virtual hosts, minor bugs >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Mar 28 12:30:01 PST 2001 >Closed-Date: >Last-Modified: >Originator: Alexey V. Neyman >Release: FreeBSD 4.2-STABLE i386 >Organization: ANY.RU >Environment: FreeBSD srv2.any 4.3-RC FreeBSD 4.3-RC #2: Wed Mar 28 17:59:22 MSD 2001 toor@srv2.any:/usr2/obj/usr2/src/sys/AMD4DEBUG i386 although it will behave itself the same on any release >Description: First, teapop fails to authentificate user if he logs in without specifying his domain (pop_auth calls pop_string_find and tests its result against being NULL, while NULL is returned only upon malloc() failures. On empty domain logins pop_string_find returns empty string). This makes APOP login method to always fail as teapop erroneously interprets command APOP avn d41d8cd98f00b204e9800998ecf8427e as an attempt of login for user avn@d41d8cd98f00b204e9800998ecf8427e without supplying MD5 hash value. Instead, return value should be tested against being empty string, while positive test for NULL should cause pop3 server error message to be printed. Second, if configured with WITHOUT_APOP arguments to 'make install', teapop incorrectly handles QUIT command while in authentification state. It's because a part of switch statement became commented out and there will be no branch for return value from pop_wait_for_commands with command "QUIT" (it will return 3, not 4 when configured without APOP). >How-To-Repeat: 1. install teapop port and try to authenticate giving usernemae which does not contain either '%' or '@' using APOP. 2. install teapop port with 'make install WITHOUT_APOP=yes' and enter QUIT after +OK ... prompt >Fix: --- teapop/pop_auth.c.orig Mon Nov 13 02:03:11 2000 +++ teapop/pop_auth.c Wed Mar 28 23:58:33 2001 @@ -111,7 +111,11 @@ #endif /* ALLOW_APOP */ pop_cmd_capa(NULL, pinfo); continue; +#ifdef ALLOW_APOP case 4: +#else + case 3: +#endif /* ALLOW_APOP */ return 1; } /* If we get this far we have a good USER or APOP */ @@ -158,7 +162,14 @@ #ifdef VPOP ptr = pop_string_find(pinfo->userid, DIVIDERS); - if (ptr != NULL) { + if (ptr == NULL) { + syslog(LOG_ERR, "pop_auth: malloc failure"); + pop_socket_send(pinfo->out, "%s %s", POP_ERR, + POP_WRONG); + exit(0); + } + if (*ptr != '\0') { + /* domain delimiters found */ strcpy(pinfo->domain, ptr+1); *ptr = '\0'; } else >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message