Bug in mboxlist_mycreatemailboxcheck()
Julian Reich
jreich at jreich.com
Wed Jun 4 09:31:30 EDT 2008
Hi,
a buggy check in mboxlist_mycreatemailboxcheck() allows authenticated
users that not yet have an inbox to create it whether autocreatequota
is set to 0 or not.
The user is then granted unlimited storage.
This only happens when virtdomains is not set to off and the domain
contains at least one dot.
The issue can easily be fixed by using the "local" mailbox name for
doing the check instead of the fully qualified.
Yours,
Julian Reich
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cyrus-imapd-virtdomains-createmailbox.patch
Type: application/octet-stream
Size: 731 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20080604/2354455f/attachment.obj
-------------- next part --------------
More information about the Cyrus-devel
mailing list