bug-mailutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Virtual User/Alternative Authorization Methods

From: Alain Magloire
Subject: Re: Virtual User/Alternative Authorization Methods
Date: Thu, 15 Mar 2001 20:39:00 -0500 (EST) 
> 
> On Thu, 15 Mar 2001, Alain Magloire wrote:
> 
> > Cool.  There were some bugs and security fixes, you may wish to browse
> > mailutils/pop3d/*.  Since we share the same lineage, you will find your
> > way quickly.  Do you have a URL to your work, I can rapidly fix or port
> 
> http://www.reedmedia.net/software/virtualmail-pop3d/ (currently forwards
> to the patch page)
> 
> The changes/history is at:
>  http://www.reedmedia.net/projects/virtualmail/#history
> 
> I have not posted (released) the fix for the dieing daemons. (On some OS's
> each forked daemon dies off, but not replaced.)

You want to tell me more about this.  I do not have such behaviour
in mailutils/pop3d.  But I did not heavily tested either.

> In addition, my latest
> released patch has some other problems I've found that I need to fix.

Jeff B. is proposing an API for virutual domains maybe you would like
to drop in with your ides and the experience you have with you vm-pop3d
So we can come up with some common work.  Do you have some ideas
on how to tackle this issues?

> > back some of the changes, for example IIRC there some issues in
> > pop3d_readline().
> 
> If you remember, please tell me about that problem.

   char buf[1024];
   memset (buf, '\0', 1024);
   if (read (fd, buf, 1024) < 1)                                                
     pop3_abquit (ERR_DEAD_SOCK);
      pop3_abquit (ERR_DEAD_SOCK);
   if (ret == NULL)
     {
        ret = malloc ((strlen (buf) + 1) * sizeof (char));
        strcpy (ret, buf);
...
     }

The string is not terminated, doing this:
  read (fd, buf, 1023);
should correct part of the problem.  Take a look at
mailutils/pop3d/extra.c, sparky did rewrite in to do {}while()
which is more correct :

        * pop3d/extra.c (pop3_readline) : Since the length of the string
        is known, we can use memcpy() and friends for string manipulations.
        memXXX() functions are builtin in GNU C (gcc) and are much faster
        then the strXXX() counterparts. Small change in the loop to take
        advantage of this. 

I think they was a bug in pop3_abquit() ofile was not set.
And  also it did handle ERR_FILE properly :

        * pop3d/quit.c : The rfc1939 insist that after a QUIT, we must
        release any resources and close the connection:
        "Whether the removal was successful or not, the server
        then releases any exclusive-access lock on the maildrop
        and closes the TCP connection."  This was not done if error
        occured while expunging, now we will close the connection and
        notify the client of the error(ERR_FILE).

There are maybe other stuff, I think they was a bug in pop3_abquit()

--
alain
reply via email to
[Prev in Thread] Current Thread [Next in Thread]