[Exim] exim 4.22 segfaults with saslauthd condition

Author: Thomas Hager
Date:  
To: exim-users
New-Topics: Re: [Exim] exim 4.22 segfaults with saslauthd condition (again)
Subject: [Exim] exim 4.22 segfaults with saslauthd condition
--
--
elo,

i experimented with exim's new saslauthd condition.
if i use the feature without specifying service and realm

    ${if saslauthd{{$2}{$3}}{yes}{no}}


exim segfaults in saslauthd_verify_password().

i traced the bug to eval_condition() in expand.c.
in the saslauthd section the sub[] array is passed to
auth_call_saslauthd() without verifying the values returned by
read_subs(). if the condition is called without service and realm,
sub[2] is set to NULL, whereas sub[3] is left undefined ( read_subs()
sets the first non-present item to NULL and returns ).

saslauthd_verify_password() segfaults when accessing sub[3].

i attached a patch to expand.c, which checks the value of sub[2] prior
to calling auth_call_saslauthd(). if sub[2] is NULL, sub[3] is set to
NULL too.

dunno if this is the proper approach, but it works ;-)

best,
tom.

--

Thomas "Duke" Hager         | "Microsoft is not the answer.
duke@{bofh.at,1012surf.net} |  Microsoft is the question.
thomas.hager@???   |  NO is the answer."
                                       Erik Naggum.




--
--- exim-4.22/src/expand.c    Mon Aug 18 14:52:54 2003
+++ exim-4.22.hack/src/expand.c    Fri Aug 29 15:44:25 2003
@@ -1462,6 +1462,9 @@
   if (yield != NULL)
     {
     int rc;
+
+    if ( sub[2] == NULL ) sub[3] = NULL;
+
     rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
       &expand_string_message);
     if (rc == ERROR || rc == DEFER) return NULL;
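Review bot: The added `if ( sub[2] == NULL ) sub[3] = NULL;` line repairs the undefined `sub[3]` only at this one call to `auth_call_saslauthd()`, and it carries no comment saying why it is needed. I would rather see the optional slots set to NULL before the array is filled, or the reader NULL every slot it did not fill, so that `sub[]` is fully defined wherever it is passed on; either way, add a one-line comment that service and realm are optional. Style: the surrounding lines write `if (yield != NULL)` and `if (rc == ERROR || rc == DEFER)` without padding inside the parentheses, so the new condition should match.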
--
--
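The failure mode described in this message, as an added C example that is not Exim's code and not part of the original post: `read_items_stop_early()` is a hypothetical model of the `read_subs()` behaviour the mail describes, `read_items_fill()` is a hardened variant, and the caller's array is pre-filled with a constructed poison pointer that stands in for undefined stack contents.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the reader described in the mail: store up to n
   items, set the first missing slot to NULL and return at once, leaving
   every later slot untouched. Returns the number of items stored. */
static int read_items_stop_early(const char **sub, int n,
                                 const char **in, int n_in)
{
    for (int i = 0; i < n; i++) {
        if (i >= n_in) { sub[i] = NULL; return i; }
        sub[i] = in[i];
    }
    return n;
}

/* Hardened variant: every slot is defined on return, so a caller can pass
   the whole array on without checking how many items were present. */
static int read_items_fill(const char **sub, int n,
                           const char **in, int n_in)
{
    int got = 0;
    for (int i = 0; i < n; i++) {
        if (i < n_in) { sub[i] = in[i]; got++; }
        else sub[i] = NULL;
    }
    return got;
}

/* Count the slots that still hold the caller's stale value after reading
   n_in of the four possible arguments (user, password, service, realm). */
static int stale_slots(int hardened, int n_in)
{
    static const char poison[] = "stale";          /* constructed marker */
    const char *in[4]  = { "user", "pass", "smtp", "realm" };
    const char *sub[4] = { poison, poison, poison, poison };
    int stale = 0;

    if (hardened) read_items_fill(sub, 4, in, n_in);
    else          read_items_stop_early(sub, 4, in, n_in);
    for (int i = 0; i < 4; i++) if (sub[i] == poison) stale++;
    return stale;
}

int main(void)
{
    printf("stop-early, 2 args: %d stale slot(s)\n", stale_slots(0, 2));
    printf("fill-all,   2 args: %d stale slot(s)\n", stale_slots(1, 2));
    return 0;
}
```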