Re: [Exim] authenticator/lookup problem

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Frank Elsner
CC: exim-users
Subject: Re: [Exim] authenticator/lookup problem
On Thu, 25 Jan 2001, Philip Hazel wrote:

> Oh dear. You seem to have uncovered a nasty bug. The failing of the
> lookup results in a blank string, and I have just tested
>
> ${if crypteq{abcde}{}{yes}{no}}
>
> and it gives the answer "yes".


Experiments have revealed that the crypt() function, if given an empty
string as its second argument, returns an empty string. The patch below
(against 3.22) checks that the second argument to "crypteq" contains at
least two characters when it is being passed to crypt(). (These are
needed for the "salt".) If there are fewer than two characters, the
comparison is forced to fail.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.




*** exim-3.22/src/expand.c  Fri Jan 19 09:32:08 2001
--- expand.c    Thu Jan 25 14:17:08 2001
***************
*** 974,980 ****
            "in \"%s\"", sub[1]);
          return NULL;
          }
!       *yield = (strcmp(crypt(sub[0], sub[1]), sub[1]) == 0) == testfor;
        }
      break;
      #else
--- 974,986 ----
            "in \"%s\"", sub[1]);
          return NULL;
          }
! 
!       /* If the encrypted string contains fewer than two characters (for the
!       salt), force failure. Otherwise we get false positives: with an empty
!       string the yield of crypt() is an empty string! */
! 
!       *yield = (strlen(sub[1]) < 2)? !testfor :
!         (strcmp(crypt(CS sub[0], CS sub[1]), sub[1]) == 0) == testfor;
        }
      break;
      #else