[dovecot-cvs] dovecot/src/auth db-passwd-file.c,1.24,1.25

cras at dovecot.org cras at dovecot.org
Sun Apr 9 12:29:56 EEST 2006


Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv17439

Modified Files:
	db-passwd-file.c 
Log Message:
Don't crash if passwd-file has entries without passwords.



Index: db-passwd-file.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-passwd-file.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -d -r1.24 -r1.25
--- db-passwd-file.c	31 Mar 2006 15:02:37 -0000	1.24
+++ db-passwd-file.c	9 Apr 2006 09:29:54 -0000	1.25
@@ -38,9 +38,9 @@
 	pu = p_new(pw->pool, struct passwd_user, 1);
 	user = p_strdup(pw->pool, username);
 
-	len = strlen(pass);
-	if (pass[0] != '{' && pass[0] != '$' &&
-	    len > 4 && pass[len-1] == ']' && pass[len-4] == '[') {
+	len = pass == NULL ? 0 : strlen(pass);
+	if (len > 4 && pass[0] != '{' && pass[0] != '$' &&
+	    pass[len-1] == ']' && pass[len-4] == '[') {
 		/* password[type] - we're being libpam-pwdfile compatible
 		   here. it uses 13 = DES and 34 = MD5. For backwards
 		   comaptibility with ourself, we have also 56 = Digest-MD5. */



More information about the dovecot-cvs mailing list