[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Virtual User/Alternative Authorization Methods
From: |
Alain Magloire |
Subject: |
Re: Virtual User/Alternative Authorization Methods |
Date: |
Thu, 15 Mar 2001 20:39:00 -0500 (EST) |
>
> On Thu, 15 Mar 2001, Alain Magloire wrote:
>
> > Cool. There were some bugs and security fixes, you may wish to browse
> > mailutils/pop3d/*. Since we share the same lineage, you will find your
> > way quickly. Do you have a URL to your work, I can rapidly fix or port
>
> http://www.reedmedia.net/software/virtualmail-pop3d/ (currently forwards
> to the patch page)
>
> The changes/history is at:
> http://www.reedmedia.net/projects/virtualmail/#history
>
> I have not posted (released) the fix for the dieing daemons. (On some OS's
> each forked daemon dies off, but not replaced.)
You want to tell me more about this. I do not have such behaviour
in mailutils/pop3d. But I did not heavily tested either.
> In addition, my latest
> released patch has some other problems I've found that I need to fix.
Jeff B. is proposing an API for virutual domains maybe you would like
to drop in with your ides and the experience you have with you vm-pop3d
So we can come up with some common work. Do you have some ideas
on how to tackle this issues?
> > back some of the changes, for example IIRC there some issues in
> > pop3d_readline().
>
> If you remember, please tell me about that problem.
char buf[1024];
memset (buf, '\0', 1024);
if (read (fd, buf, 1024) < 1)
pop3_abquit (ERR_DEAD_SOCK);
pop3_abquit (ERR_DEAD_SOCK);
if (ret == NULL)
{
ret = malloc ((strlen (buf) + 1) * sizeof (char));
strcpy (ret, buf);
...
}
The string is not terminated, doing this:
read (fd, buf, 1023);
should correct part of the problem. Take a look at
mailutils/pop3d/extra.c, sparky did rewrite in to do {}while()
which is more correct :
* pop3d/extra.c (pop3_readline) : Since the length of the string
is known, we can use memcpy() and friends for string manipulations.
memXXX() functions are builtin in GNU C (gcc) and are much faster
then the strXXX() counterparts. Small change in the loop to take
advantage of this.
I think they was a bug in pop3_abquit() ofile was not set.
And also it did handle ERR_FILE properly :
* pop3d/quit.c : The rfc1939 insist that after a QUIT, we must
release any resources and close the connection:
"Whether the removal was successful or not, the server
then releases any exclusive-access lock on the maildrop
and closes the TCP connection." This was not done if error
occured while expunging, now we will close the connection and
notify the client of the error(ERR_FILE).
There are maybe other stuff, I think they was a bug in pop3_abquit()
--
alain