Crash in timsieved's cmd_authenticate() on 2.4.6
Florian Pflug
fgp at phlo.org
Tue Jan 11 10:21:39 EST 2011
Hi
I've just found a bug in timsieved's cmd_authenticate on cyrus 2.4.6.
If the authenticating user is an admin, we proceed even if the mailbox
lookup fails. In this case, the mboxlist_lookup seems to leave the
mboxlist_entry uninitialized, making the code believe that the mailbox
is remote if the bit MBTYPE_REMOTE happens to be set in mbentry.mbtype.
The crash then happens when xstrdup tries to copy mbentry.partition.
Initializing mbentry to zero in cmd_authenticate() fixes the bug and
allows admins without mailboxes (like root) to authenticate again
on my system.
best regards,
Florian Pflug
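
The failure mode reported above, as an added example that is not part of the original message and is not Cyrus code. The struct layout, the `MBTYPE_REMOTE` value, `lookup_missing()`, `authenticate_route()` and `make_stale()` are hypothetical stand-ins, and the "stale" stack contents are constructed so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define MBTYPE_REMOTE (1 << 0)           /* bit value assumed for this sketch */

struct mbentry { int mbtype; char *partition; };   /* simplified stand-in */

enum route { ROUTE_DENY, ROUTE_LOCAL, ROUTE_REMOTE };

/* Stand-in for a failed lookup: returns an error and, as the report
 * describes, leaves *out untouched. */
static int lookup_missing(const char *name, struct mbentry *out)
{
    (void)name; (void)out;
    return -1;
}

/* Constructed sample of leftover stack bytes with the REMOTE bit set. */
struct mbentry make_stale(void)
{
    struct mbentry s = { 0x5a5a5a5b, NULL };   /* partition is never read here */
    return s;
}

/* 'stale' models what was already in the caller's stack slot;
 * zero_init != 0 applies the fix from the report. */
enum route authenticate_route(int is_admin, int zero_init,
                              const struct mbentry *stale)
{
    struct mbentry mbentry = *stale;
    if (zero_init) memset(&mbentry, 0, sizeof mbentry);

    int r = lookup_missing("user.root", &mbentry);
    if (r && !is_admin) return ROUTE_DENY;     /* admins continue on failure */

    if (mbentry.mbtype & MBTYPE_REMOTE)
        return ROUTE_REMOTE;   /* real code would now copy mbentry.partition */
    return ROUTE_LOCAL;
}

int main(void)
{
    struct mbentry s = make_stale();
    printf("admin, no init:   %d\n", authenticate_route(1, 0, &s));
    printf("admin, zero init: %d\n", authenticate_route(1, 1, &s));
    printf("non-admin:        %d\n", authenticate_route(0, 0, &s));
    return 0;
}
```

Zero-initializing removes the dependence on stack contents; checking the lookup's return value before reading any field of the entry closes the same hole at the point of use.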