On Wed, 4 Oct 2006, g wrote:
> while reusing the code in src/auths/pwcheck.c I noticed a potential
> problem in saslauthd_verify_password
> where towards the end you have:
>
> *reply = daemon_reply;
>
> that should be, like all other assignements:
>
> if (reply)
> *reply = daemon_reply;
In fact, that function is never called with reply==NULL, and in the
dummy function that is compiled when the authenticator isn't wanted, it
also writes without testing. I have therefore removed all the tests,
rather than adding a new one.
Philip
--
Philip Hazel, University of Cambridge Computing Service.
