Crash in timsieved's cmd_authenticate() on 2.4.6
Florian Pflug
fgp at phlo.org
Wed Jan 12 18:22:48 EST 2011
On Jan13, 2011, at 00:00 , Greg Banks wrote:
> Florian Pflug wrote:
>> On Jan12, 2011, at 03:32 , Greg Banks wrote:
>>
>>> On 12/01/11 02:21, Florian Pflug wrote:
>>>
>>> Thanks, your analysis is correct, but I think a better fix might be the attached (untested) patch.
>>>
>>
>> That's exactly what I did initially :-)
>>
>> I didn't like it much, though. The bug was probably introduced precisely
>> because someone *didn't* realize that mbentry is uninitialized in the corner-case of an admin user without a mailbox. Leaving things that way
>> carries a high risk of a similar bug being re-introduces by the next
>> one who touches this code.
> We won't be leaving things that way - this fix will last exactly one release, and is already obsolete in the master branch, where mbentry is now a pointer which is initialised to NULL at declaration. The patch against master touches the same line but adds a check that the mbentry pointer is not NULL.
Ah, OK, sorry for the noise then
best regards,
Florian Pflug
More information about the Cyrus-devel
mailing list