In vpopmail-5.5.0 there seems to be a bug in vadduser that causes a
segmentation fault when a password does not pass the password_strength
rules. Patch attached.
!DSPAM:55f7e27341551399513616!
diff -uPr vpopmail-5.5.0.orig/vadduser.c vpopmail-5.5.0/vadduser.c
--- vpopmail-5.5.0.orig/vadduser.c 2010-11-05 18:37:22.000000000 +0000
+++ vpopmail-5.5.0/vadduser.c 2015-09-14 12:49:23.957094657 +0100
@@ -28,16 +28,19 @@
#include <signal.h>
#include "config.h"
#include "vpopmail.h"
-#include "vauth.h"
#include "vauthmodule.h"
+#include "vauth.h"
+#include "pwstr.h"
char Email[MAX_BUFF];
+char User[MAX_BUFF];
+char Domain[MAX_BUFF];
char Passwd[MAX_BUFF];
char Quota[MAX_BUFF];
char Gecos[MAX_BUFF];
char Crypted[MAX_BUFF];
-int apop;
+int apop = USE_POP;
int RandomPw;
int NoPassword = 0;
@@ -47,8 +50,6 @@
int main(int argc,char **argv)
{
int i;
- char User[MAX_BUFF];
- char Domain[MAX_BUFF];
struct vqpasswd *vpw;
i = vauth_load_module(NULL);
