[Dovecot] password_verify in test67 with ldap
Timo Sirainen
tss at iki.fi
Sat Apr 23 18:51:35 EEST 2005
On 19.4.2005, at 12:39, Thomas Hummel wrote:
> A quick and dirty fix confirms what I was saying :
>
> If I add :
>
> strncpy(ldap_request->password,password,50);
>
> in
>
> auth/passdb-ldap.c:ldap_verify_plain
>
> the authentication against LDAP works correctly.
Ah, I see. That strncpy() however has the unfortunate effect of
possibly corrupting heap and causing all sorts of trouble :) The real
fix is to remove ldap_request->password completely and instead use
auth_request->mech_password. I had started that change but looks like
it got only halfway with LDAP code.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20050423/658f629b/attachment-0001.bin>
More information about the dovecot
mailing list