Re: [exim] [BUG?] in src/auths/pwcheck.c

Author: Philip Hazel
Date:  
To: g
CC: exim users
Subject: Re: [exim] [BUG?] in src/auths/pwcheck.c
On Wed, 4 Oct 2006, g wrote:

> while reusing the code in src/auths/pwcheck.c I noticed a potential
> problem in saslauthd_verify_password
> where towards the end you have:
>
>      *reply = daemon_reply;
>
> that should be, like all other assignments:
>
>      if (reply)
>        *reply = daemon_reply;
>
> I was hit by this while calling the function with a NULL reply.


As it happens, that function is never called with reply==NULL, but the
code ought to be consistent, so I'll fix it.

> I hope Philip you will not mind if I liberally take from that source
> to develop an apache mod_authnz_sasl module (for apache2). Almost done..


Not at all - and in any case this is not my original code. :-) You might
like to see what you make of the Carnegie-Mellon licence notice at the
top of the file.

<aside>
You can tell that this is not my code because I would have written "if
(reply != NULL)" rather than "if (reply)". I feel uncomfortable assuming
that NULL is the same as zero - even though every C system in the world
does it this way, I think. The standard says that NULL "expands to an
implementation-defined null pointer constant". It doesn't say it has to
be zero when cast to an int. I only write "if (variable)" when the
variable is known to be a Boolean true/false value. Even for an integer
I'd write "if (x != 0)". It's a pity that C conflates Booleans and
integers.
</aside>

-- 
Philip Hazel            University of Cambridge Computing Service
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
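
The inconsistency discussed in this message, as an added example that is not part of the original message and is not Exim's code: routing every write to an optional out-parameter through one helper means no exit path can miss the NULL test. The names `set_reply`, `check_daemon_reply` and the `CHECK_*` codes are hypothetical, and the daemon responses are constructed sample strings.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical result codes and names; not taken from Exim's pwcheck.c. */
enum { CHECK_OK = 0, CHECK_NO = 1, CHECK_FAIL = 2 };

/* The only place the optional out-parameter is written, so the NULL
   test cannot be forgotten on one exit path and kept on the others. */
static void set_reply(const char **reply, const char *text)
{
    if (reply != NULL)
        *reply = text;
}

/* Stand-in for the end of a daemon exchange. daemon_reply is a constructed
   response ("OK ...", "NO ...") or NULL when the daemon was unreachable.
   reply may be NULL when the caller does not want the text back. */
int check_daemon_reply(const char *daemon_reply, const char **reply)
{
    set_reply(reply, NULL);

    if (daemon_reply == NULL) {
        set_reply(reply, "cannot connect to daemon");
        return CHECK_FAIL;
    }
    if (strncmp(daemon_reply, "OK", 2) == 0) {
        set_reply(reply, daemon_reply);
        return CHECK_OK;
    }
    if (strncmp(daemon_reply, "NO", 2) == 0) {
        set_reply(reply, daemon_reply);
        return CHECK_NO;
    }
    /* Fall-through path near the end of the function: in the report,
       an assignment in this position was the one left unguarded. */
    set_reply(reply, daemon_reply);
    return CHECK_FAIL;
}

int main(void)
{
    const char *text = NULL;
    /* A caller that passes NULL must get a result, not a crash. */
    if (check_daemon_reply("garbage", NULL) != CHECK_FAIL) return 1;
    if (check_daemon_reply("OK user", &text) != CHECK_OK) return 1;
    return (text != NULL && strcmp(text, "OK user") == 0) ? 0 : 1;
}
```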