Crash in timsieved's cmd_authenticate() on 2.4.6

Greg Banks gnb at fastmail.fm
Tue Jan 11 21:32:29 EST 2011


G'day Florian,

On 12/01/11 02:21, Florian Pflug wrote:
> Hi
>
> I've just found a bug in timsieved's cmd_authenticate on cyrus 2.4.6.
>
> If the authenticating user is an admin, we proceed even if the mailbox
> lookup fails. In this case, the mboxlist_lookup seems to leave the
> mboxlist_entry uninitialized, making the code believe that the mailbox
> is remote if the bit MBTYPE_REMOTE happens to be set in mbentry.mbtype.
> The crash then happens when xstrdup tries to copy mbentry.partition.
>
> Initializing mbentry to zero in cmd_authenticate() fixes the bug and
> allows admins without mailboxes (like root) to authenticate again
> on my system.
>
>

Thanks, your analysis is correct, but I think a better fix might be the 
attached (untested) patch.

Bron changed the mboxlist_lookup() API very recently (not yet in a 
release), which means that patch won't apply to ToT, but the bug is 
still there.  As coincidentally I touched that code yesterday, I'll fix it.

-- 
Greg.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: t.patch
Type: text/x-patch
Size: 814 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20110112/bf99eff7/attachment.bin 
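
Added example, not part of the original message and not Cyrus code: a minimal C sketch of the bug class discussed above, where a failed lookup leaves its output struct untouched and the admin path reads it anyway, next to one hardened form. lookup(), struct entry, the mailbox and partition names and the flag value are hypothetical; the `stale` argument stands in for leftover stack bytes so the behaviour is deterministic.

```c
#include <stddef.h>
#include <string.h>

#define MBTYPE_REMOTE 0x01            /* constructed value for this sketch */

struct entry {                        /* hypothetical lookup result */
    int mbtype;
    const char *partition;
};

/* Hypothetical lookup: fills *out and returns 0 on success; on failure it
 * returns -1 and leaves *out untouched, as the report describes. */
static int lookup(const char *name, struct entry *out)
{
    if (strcmp(name, "user.alice") != 0)
        return -1;
    out->mbtype = MBTYPE_REMOTE;
    out->partition = "backend1";
    return 0;
}

/* Flawed pattern (admin path): the lookup result code is ignored and the
 * entry is read anyway. Returns the partition to proxy to, or NULL. */
const char *remote_unchecked(const char *name, struct entry stale)
{
    struct entry e = stale;           /* models an uninitialized local */
    (void)lookup(name, &e);           /* failure is not acted on */
    return (e.mbtype & MBTYPE_REMOTE) ? e.partition : NULL;
}

/* Hardened pattern: zero the entry and read it only after success. */
const char *remote_checked(const char *name, struct entry stale)
{
    struct entry e = stale;
    memset(&e, 0, sizeof e);          /* no stale bits survive */
    if (lookup(name, &e) != 0)
        return NULL;                  /* no mailbox: nothing to proxy to */
    return (e.mbtype & MBTYPE_REMOTE) ? e.partition : NULL;
}
```

With a stale entry whose low bit is set, remote_unchecked() hands back the stale pointer for a user with no mailbox; in the real report that pointer is what xstrdup dereferences.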

