off by one error in nnrpd
Keith Lewis
keithl at mukluk.cc.monash.edu.au
Wed Mar 29 22:32:12 UTC 2000
Hi Folks,
I think I've found an off by one error in ...inn/nnrpd/perm.c
Let's assume readers.conf contains only one auth realm that contains
only an `auth:' key.
At around line 1144 we have something like:
    for (i = 0; auth_realms[i]; i++)
        if (auth_realms[i]->auth_methods)
            canauthenticate = 1;
    /* with only one auth realm, i will be 1 on exit from this loop */
    uname = 0;
    while (!uname && i--) {
        uname = ResolveUser(auth_realms[i]);
        if (!uname && auth_realms[i]->default_user)
            uname = auth_realms[i]->default_user;
    }
    /* with no resolver or default_user in the auth realm, i will be 0 on
     * the only pass through this loop, but will be -1 on exit.
     * uname will still be nil, but canauthenticate will be 1. */
    if (uname) {
        ... this path not taken ...
    } else if (!canauthenticate) {
        ... this path not taken ...
    } else {
        PERMneedauth = TRUE;
        success_auth = auth_realms[i];
        /* Kaboom! (i == -1). */
This was on a DEC Alpha 3000/800 running TU 4.0f pk 1 with gcc 2.8.1
Keith
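
The failure described above, reduced to a stand-alone C sketch (an added example, not INN's perm.c and not code from the post): index_as_posted keeps the quoted loop shape and reports the index the final branch would use, and index_checked shows one possible correction. The reduced struct, resolve_user, the -2 sentinel and the sample realm are assumptions made for illustration.

```c
#include <stddef.h>

/* Reduced stand-in for a realm: only the two fields the post mentions. */
struct realm {
    const char *auth_methods;   /* non-NULL when the realm has an auth: key */
    const char *default_user;   /* non-NULL when a default user is set */
};

/* Constructed input: a single realm holding only an auth: key. */
static struct realm only_auth = { "constructed-auth-method", NULL };
struct realm *one_realm[] = { &only_auth, NULL };

/* Hypothetical stand-in for ResolveUser(): no resolver is configured. */
static const char *resolve_user(const struct realm *r) { (void)r; return NULL; }

/* Loop shape quoted in the post. Returns the index the need-auth branch
 * would use for success_auth, or -2 when that branch is not taken. */
int index_as_posted(struct realm **realms)
{
    int i, canauthenticate = 0;
    const char *uname = NULL;
    for (i = 0; realms[i]; i++)
        if (realms[i]->auth_methods)
            canauthenticate = 1;
    while (!uname && i--) {      /* i-- also runs on the test that fails */
        uname = resolve_user(realms[i]);
        if (!uname && realms[i]->default_user)
            uname = realms[i]->default_user;
    }
    return (!uname && canauthenticate) ? i : -2;
}

/* One possible correction (assumed intent): remember which realm can
 * authenticate instead of reusing the exhausted loop counter. */
int index_checked(struct realm **realms)
{
    int i, auth_idx = -1;
    const char *uname = NULL;
    for (i = 0; realms[i]; i++)
        if (realms[i]->auth_methods)
            auth_idx = i;
    while (!uname && i > 0) {    /* decrement only after the bound check */
        i--;
        uname = resolve_user(realms[i]);
        if (!uname && realms[i]->default_user)
            uname = realms[i]->default_user;
    }
    return (!uname && auth_idx >= 0) ? auth_idx : -2;
}
```

With the single auth-only realm, index_as_posted returns -1, the out-of-range index the post reports, while index_checked returns 0.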