[tpop3d-discuss] upgrade to tpop3d1.4.2

Chris Lightfoot chris at ex-parrot.com
Fri, 20 Sep 2002 17:31:25 +0100


On Fri, Sep 20, 2002 at 10:53:55AM -0500, Brian Fuller (Byte Head Internet) wrote:
> O.K. The server went down and this is what gdb gave me:
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x40117e83 in strncmp (s1=0x0, s2=0x805345f "{crypt}", n=7)
>     at ../sysdeps/generic/strncmp.c:42
> 42      ../sysdeps/generic/strncmp.c: No such file or directory.
>         in ../sysdeps/generic/strncmp.c
> 
> If you need more info let me know.

A guess -- do you have any NULL entries for password in
your database?

Try this patch:

diff -u -r1.46 auth_mysql.c
--- auth_mysql.c        25 Jun 2002 20:28:00 -0000      1.46
+++ auth_mysql.c        20 Sep 2002 16:30:13 -0000
@@ -405,7 +405,10 @@
                 if (!row || !(lengths = mysql_fetch_lengths(result))) break;
 
                 /* Verify that this user has a plaintext password. */
-                if (strncmp(row[1], "{plaintext}", 11) != 0) {
+                if (!row[1]) {
+                    log_print(LOG_ERR, _("auth_mysql_new_apop: password hash for user %s is NULL"), who);
+                    break;
+                } else if (strncmp(row[1], "{plaintext}", 11) != 0) {
                     log_print(LOG_WARNING, _("auth_mysql_new_apop: attempted APOP login by %s, who does not have a plaintext password"), who);
                     break;
                 }
@@ -514,7 +517,9 @@
                 /* Verify the password. There are several possibilities here. */
                 pwhash = (char*)row[1];
 
-                if (strncmp(pwhash, "{crypt}", 7) == 0) {
+                if (!pwhash) {
+                    log_print(LOG_ERR, _("auth_mysql_new_user_pass: password hash for user %s is NULL"), who);
+                } else if (strncmp(pwhash, "{crypt}", 7) == 0) {
                     /* Password hashed by system crypt function. */
                     if (strcmp(crypt(pass, pwhash + 7), pwhash + 7) == 0) authok = 1;
                 } else if (strncmp(pwhash, "{crypt_md5}", 11) == 0) {


-- 
Theoreticians have always succeeded in providing an understanding for
all observed phenomena--even those which later proved to be incorrect
(anonymous)