On Wed, 4 Oct 2006, g wrote:
> while reusing the code in src/auths/pwcheck.c I noticed a potential
> problem in saslauthd_verify_password
> where towards the end you have:
>
> *reply = daemon_reply;
>
> that should be, like all other assignments:
>
> if (reply)
>   *reply = daemon_reply;
>
> I was hit by this while calling the function with a NULL reply.

As it happens, that function is never called with reply==NULL, but the
code ought to be consistent, so I'll fix it.

> I hope Philip you will not mind if I liberally take from that source
> to develop an apache mod_authnz_sasl module (for apache2). Almost done..

Not at all - and in any case this is not my original code. :-) You might
like to see what you make of the Carnegie-Mellon licence notice at the
top of the file.
<aside>
You can tell that this is not my code because I would have written "if
(reply != NULL)" rather than "if (reply)". I feel uncomfortable assuming
that NULL is the same as zero - even though every C system in the world
does it this way, I think. The standard says that NULL "expands to an
implementation-defined null pointer constant". It doesn't say it has to
be zero when cast to an int. I only write "if (variable)" when the
variable is known to be a Boolean true/false value. Even for an integer
I'd write "if (x != 0)". It's a pity that C conflates Booleans and
integers.
</aside>
--
Philip Hazel University of Cambridge Computing Service
Get the Exim 4 book: http://www.uit.co.uk/exim-book
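
Added example, not part of the original message and not the code in src/auths/pwcheck.c: a sketch of the pattern under discussion, an optional `reply` out-parameter written on several exit paths, with the NULL check kept in one helper so no path can omit it. The names `verify_password`, `set_reply`, the result codes and the `daemon_response` parameter are hypothetical, and the sample responses are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this sketch. */
enum { VERIFY_OK, VERIFY_FAIL, VERIFY_ERROR };

/* The one place that honours "reply may be NULL". */
static void set_reply(const char **reply, const char *msg)
{
    if (reply != NULL)
        *reply = msg;
}

/*
 * daemon_response is a constructed stand-in for the daemon round trip:
 * NULL means the daemon could not be reached, and a response beginning
 * with "OK" is assumed to mean success.
 */
int verify_password(const char *userid, const char *password,
                    const char *daemon_response, const char **reply)
{
    set_reply(reply, NULL);                 /* defined on every path */

    if (userid == NULL || password == NULL) {
        set_reply(reply, "missing credentials");
        return VERIFY_ERROR;
    }
    if (daemon_response == NULL) {
        set_reply(reply, "cannot reach daemon");
        return VERIFY_ERROR;
    }

    /* Final exit path: the assignment the thread says lacked its guard. */
    set_reply(reply, daemon_response);
    return strncmp(daemon_response, "OK", 2) == 0 ? VERIFY_OK : VERIFY_FAIL;
}

int main(void)
{
    const char *why = NULL;
    int rc = verify_password("user", "secret", "NO bad password", &why);
    printf("rc=%d reply=%s\n", rc, why);
    /* A caller that does not want the text passes NULL. */
    printf("rc=%d\n", verify_password("user", "secret", "OK", NULL));
    return 0;
}
```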