Your message dated Fri, 21 Jan 2005 05:02:50 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#287820: fixed in poppassd 1.8.5-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 30 Dec 2004 10:42:49 +0000
>From [EMAIL PROTECTED] Thu Dec 30 02:42:49 2004
Return-path: <[EMAIL PROTECTED]>
Received: from (mercurio1.alu.ull.es) [193.145.96.33]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CjxlY-000663-00; Thu, 30 Dec 2004 02:42:48 -0800
Received: from root by mercurio1.alu.ull.es with local (Exim 4.34)
id 1CjxoQ-0002SX-KW; Thu, 30 Dec 2004 10:45:46 +0000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Enrique Zanardi <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: poppassd segfaults between "old password" and "new password"
X-Mailer: reportbug 3.2
Date: Thu, 30 Dec 2004 10:45:46 +0000
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: poppassd
Version: 1.8.4-3
Severity: important
Tags: patch
If poppassd can validate the user, but can't retrieve the struct passwd
for that user, it segfaults. The problem is in poppassd.c line 236:
-----
pw=getpwnam(user);
if(pw->pw_uid<POP_MIN_UID || pw == NULL) {
-----
if getpwnam can't build the user's struct passwd , it returns NULL, but
the if on line 236 does the check backwards, so it segfaults on the
first check (pw->pw_uid<POP_MIN_UID). The proper way is:
---------------------
--- poppassd.c.orig 2004-12-30 10:22:48.000000000 +0000
+++ poppassd.c 2004-12-30 10:39:33.000000000 +0000
@@ -233,7 +233,7 @@
pw=getpwnam(user);
- if(pw->pw_uid<POP_MIN_UID || pw == NULL) {
+ if(pw == NULL || pw->pw_uid<POP_MIN_UID) {
WriteToClient("500 Old password is incorrect.");
syslog(LOG_ERR, "failed attempt to change password for %s", user);
exit(1);
---------------------
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-1-386
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages poppassd depends on:
ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries an
ii libpam-runtime 0.76-22 Runtime support for the PAM librar
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii netbase 4.19 Basic TCP/IP networking system
---------------------------------------
Received: (at 287820-close) by bugs.debian.org; 21 Jan 2005 10:05:38 +0000
>From [EMAIL PROTECTED] Fri Jan 21 02:05:37 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Crvfd-0007Zx-00; Fri, 21 Jan 2005 02:05:37 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Crvcw-0003Gj-00; Fri, 21 Jan 2005 05:02:50 -0500
From: Adam Conrad <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#287820: fixed in poppassd 1.8.5-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 21 Jan 2005 05:02:50 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: poppassd
Source-Version: 1.8.5-1
We believe that the bug you reported is fixed in the latest version of
poppassd, which is due to be installed in the Debian FTP archive:
poppassd_1.8.5-1.diff.gz
to pool/main/p/poppassd/poppassd_1.8.5-1.diff.gz
poppassd_1.8.5-1.dsc
to pool/main/p/poppassd/poppassd_1.8.5-1.dsc
poppassd_1.8.5-1_powerpc.deb
to pool/main/p/poppassd/poppassd_1.8.5-1_powerpc.deb
poppassd_1.8.5.orig.tar.gz
to pool/main/p/poppassd/poppassd_1.8.5.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adam Conrad <[EMAIL PROTECTED]> (supplier of updated poppassd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 21 Jan 2005 02:35:21 -0700
Source: poppassd
Binary: poppassd
Architecture: source powerpc
Version: 1.8.5-1
Distribution: unstable
Urgency: low
Maintainer: Adam Conrad <[EMAIL PROTECTED]>
Changed-By: Adam Conrad <[EMAIL PROTECTED]>
Description:
poppassd - password change server for Eudora and NUPOP
Closes: 287820
Changes:
poppassd (1.8.5-1) unstable; urgency=low
.
* New upstream release, incorporating Debian's gcc-3.3 patch.
* Add patch from Enrique Zanardi <[EMAIL PROTECTED]> to avoid segfault
when failing to retrieve the user's passwd struct (closes: #287820)
* Fix up short description to make lintian (and me) happy.
Files:
6548e9519bab3cc57698497d57e1b53f 572 mail optional poppassd_1.8.5-1.dsc
502caa0c9e39d769040c7295d55a53d6 6054 mail optional poppassd_1.8.5.orig.tar.gz
32f00a763455f9ffee1c3178e5e7a403 5346 mail optional poppassd_1.8.5-1.diff.gz
c3ad5ff797afccb421843d2cf034a5ff 14652 mail optional
poppassd_1.8.5-1_powerpc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB8NDqvjztR8bOoMkRAkDoAJ9juFDMH4fRccFHpZKmHA6tmHIxtQCfb2+z
ubvEyAP3gySXnsLyAILAqp8=
=fRiY
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
