Crash in timsieved's cmd_authenticate() on 2.4.6
Greg Banks
gnb at fastmail.fm
Wed Jan 12 18:00:42 EST 2011
Florian Pflug wrote:
> On Jan12, 2011, at 03:32 , Greg Banks wrote:
>
>> On 12/01/11 02:21, Florian Pflug wrote:
>>
>>
>> Thanks, your analysis is correct, but I think a better fix might be the attached (untested) patch.
>>
>
> That's exactly what I did initially :-)
>
> I didn't like it much, though. The bug was probably introduced precisely
> because someone *didn't* realize that mbentry is uninitialized in the
> corner-case of an admin user without a mailbox. Leaving things that way
> carries a high risk of a similar bug being re-introduced by the next
> one who touches this code.
>
We won't be leaving things that way - this fix will last exactly one
release, and is already obsolete in the master branch, where mbentry is
now a pointer which is initialised to NULL at declaration. The patch
against master touches the same line but adds a check that the mbentry
pointer is not NULL.
--
Greg.
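
The master-branch pattern described in the message above (pointer initialised to NULL at declaration, then checked before use), as an added illustration that is not part of the original message and is not Cyrus code. The names `post_auth` and `mb_lookup`, the struct layout, the control flow and the sample data are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a mailbox list entry (not the Cyrus definition). */
struct mbentry { const char *server; };

enum auth_result { AUTH_LOCAL, AUTH_REFER, AUTH_REJECT };

/* Constructed sample data: only user.alice has a mailbox, on a remote backend. */
static struct mbentry alice_entry = { "backend1.example.org" };

/* Hypothetical lookup: sets *out only on success, as many C lookup APIs do. */
static int mb_lookup(const char *name, struct mbentry **out)
{
    if (strcmp(name, "user.alice") == 0) {
        *out = &alice_entry;
        return 0;
    }
    return -1; /* not found: *out is left untouched */
}

/* Decide what happens after a successful login; *server is set on AUTH_REFER. */
enum auth_result post_auth(const char *userid, int is_admin, const char **server)
{
    struct mbentry *mbentry = NULL; /* initialised at declaration */
    char inbox[128];
    int r;

    *server = NULL;
    snprintf(inbox, sizeof(inbox), "user.%s", userid);
    r = mb_lookup(inbox, &mbentry);

    /* Assumed policy: ordinary users need a mailbox, admins may lack one. */
    if (r != 0 && !is_admin)
        return AUTH_REJECT;

    /* Corner case: an admin without a mailbox arrives here with mbentry
     * still NULL, so the pointer is checked before any field is read. */
    if (mbentry != NULL && mbentry->server != NULL) {
        *server = mbentry->server;
        return AUTH_REFER;
    }
    return AUTH_LOCAL;
}
```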