On Thu, 25 Jan 2001, Philip Hazel wrote:
> Oh dear. You seem to have uncovered a nasty bug. The failing of the
> lookup results in a blank string, and I have just tested
>
> ${if crypteq{abcde}{}{yes}{no}}
>
> and it gives the answer "yes".
Experiments have revealed that the crypt() function, if given an empty
string as its second argument, returns an empty string. The patch below
(against 3.22) checks that the second argument to "crypteq" contains at
least two characters when it is being passed to crypt(). (These are
needed for the "salt".) If there are fewer than two characters, the
comparison is forced to fail.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
*** exim-3.22/src/expand.c Fri Jan 19 09:32:08 2001
--- expand.c Thu Jan 25 14:17:08 2001
***************
*** 974,980 ****
"in \"%s\"", sub[1]);
return NULL;
}
! *yield = (strcmp(crypt(sub[0], sub[1]), sub[1]) == 0) == testfor;
}
break;
#else
--- 974,986 ----
"in \"%s\"", sub[1]);
return NULL;
}
!
! /* If the encrypted string contains fewer than two characters (for the
! salt), force failure. Otherwise we get false positives: with an empty
! string the yield of crypt() is an empty string! */
!
! *yield = (strlen(sub[1]) < 2)? !testfor :
! (strcmp(crypt(CS sub[0], CS sub[1]), sub[1]) == 0) == testfor;
}
break;
#else
