[tpop3d-discuss] Auth-Ldap BUG
Simon Loader
simon at surf.org.uk
Fri, 06 Sep 2002 12:40:12 +0100
Im hoping this wil thread with the one already in the list.
I just came across the same bug in either auth_ldap or tpop3d in
general. If you login with "pass " (pass and a single space) the user
is logged in with out authenticating. As far as I can tell it never really
calls the ldap authentication (or if it does it returns early). So I patched
it like this:-
--- pop3.c.orig Tue Jun 25 21:28:00 2002
+++ pop3.c Fri Sep 6 12:37:05 2002
@@ -73,6 +73,9 @@
} else if (c->pass) {
connection_sendresponse(c, 0, _("But you already said
`PASS'."));
return do_nothing;
+ } else if ( strlen(p->toks->toks[1]) == 0 ) {
+ connection_sendresponse(c, 0, _("No, that's not right."));
+ return do_nothing;
} else {
c->pass = xstrdup(p->toks->toks[1]);
if (!c->pass) {
Not very efficient but works. It is very possible that this is the
completely wrong place
to fix this but hey its a quick fix for anyone out there.
--
Simon Loader