[tpop3d-discuss] Problems with auth_other

Chris Lightfoot chris@xxxxxxxxxxxxx
Tue, 8 Jan 2002 12:08:33 +0000


On Tue, Jan 08, 2002 at 11:52:17AM +0100, Allan Joergensen wrote:
> After trying out auth_perl, I found out, as pointed out earlier, that I
> too suffered from some sort of memory leak.
> 
> I then tried using auth_other and TPOP3D::AuthDriver and it seems, that
> either my Perl skills are very poor or something's wrong in tpop3d (the
> program authenticates the user against a MySQL base).
> 
> The problem is:
> 
> when the user first logs in, the user is either authenticated or
> rejected.
> 
> Then, based on circumstances I can not figure out, the next login
> attempt will be the same as the first, ie if the user tries foo/bar the
> next login attempt also tries foo/bar, even if the user inputs bar/foo.
> 
> The Perl program is based heavily on the Oracle script in the
> distribution and the TPOP3D::AuthDriver documentaion.

Mea culpa. I believe that this is a bug in the
TPOP3D::AuthDriver module. It would occasionally pass an
old request to the authentication driver. This is,
obviously, a fairly serious bug. Note that this does not
apply to operation under auth_perl. Apologies for this
SNAFU.

Could you apply the following patch to AuthDriver.pm and
re-install it, and tell me whether that fixes the problem?

diff -u -r1.3 AuthDriver.pm
--- AuthDriver.pm       2001/10/26 22:28:32     1.3
+++ AuthDriver.pm       2002/01/08 12:06:56
@@ -81,8 +81,6 @@
 
 package TPOP3D::AuthDriver;
 
-use MD5;
-
 $VERSION = '0.1';
 
 =item new
@@ -109,30 +107,27 @@
 =cut
 sub run ($) {
     my $self = shift;
-    my ($buffer, $offset);
+    my ($buffer);
     local %SIG;
     $SIG{TERM} = sub { $self->{foad} = 1; };
 
     $self->start();
 
     $buffer = '';
-    $offset = 0;
     do {
         my $readfds = '';
         vec($readfds, fileno(STDIN), 1) = 1;
         if (select($readfds, undef, undef, 0.1) == 1) {
-            my $i = sysread(STDIN, $buffer, 4096, $offset);
-            if ($i > 0) {
-                $offset += $i;
-            } else {
+            my $i = sysread(STDIN, $buffer, 4096, length($buffer));
+            if ($i <= 0) {
                 $self->{foad} = 1;
             }
 
             # Now see whether the first part of the buffer has the right
             # structure:
-            if ($buffer =~ /((?:(?:[^\0]+\0){2})+)\0/) {
+            if ($buffer =~ /^((?:(?:[^\0]+\0){2})+)\0/) {
                 my $packet = $1;
-                $buffer = substr($buffer, length($packet));
+                $buffer = substr($buffer, length($packet) + 1);
                 last unless ($self->process_packet($packet));
             }
         }
----------------- end patch

-- 
 `Evans boldly put 50 atm. of Ethylene in a cell with 25 atm. of oxygen. The
  apparatus subsequently blew up, but luckily not before he obtained the spectra
  shown in fig. 8.' A J Merer and R S Mulliken Chem. Rev. 69, 645 (1969)