Package: hylafax-server
Version: 3:6.0.6-5
Severity: grave
Tags: upstream patch
Justification: renders package unusable
Dear Maintainer,
After installing hylafax-server on a new server, clients couldn't connect.
Using netcat I found that the server disconnected immediately after entering
the password.
Debugging the server, I found that a NULL pointer was not handled in User.c++.
A patch is included.
Sincerely
tilo
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages hylafax-server depends on:
ii adduser 3.113+nmu3
ii bsd-mailx [mailx] 8.1.2-0.20131005cvs-1
ii debconf [debconf-2.0] 1.5.53
ii exim4-daemon-light [mail-transport-agent] 4.82.1-1+b1
ii ghostscript 9.05~dfsg-8.1
ii hylafax-client 3:6.0.6-5
ii libc6 2.19-5
ii libgcc1 1:4.9.0-10
ii libjbig0 2.0-2.1
ii libpam0g 1.1.8-3
ii libstdc++6 4.9.0-10
ii libtiff-tools 4.0.3-10
ii libtiff5 4.0.3-10
ii lsb-base 4.1+Debian13
ii psmisc 22.21-2
ii sed 4.2.2-4
ii zlib1g 1:1.2.8.dfsg-1
hylafax-server recommends no packages.
Versions of packages hylafax-server suggests:
pn mgetty <none>
pn psrip <none>
-- debconf information:
hylafax-server/setup_failed:
hylafax-server/start_now: true
--- a/hfaxd/User.c++
+++ b/hfaxd/User.c++
@@ -202,7 +202,11 @@
bool
HylaFAXServer::checkpasswdHosts (const char* pass)
{
- if (strcmp(crypt(pass,passwd),passwd) == 0)
+ char* r;
+ r = crypt(pass,passwd);
+ if (!r)
+ return false;
+ if (strcmp(r,passwd) == 0)
return true;
return false;
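Review bot: the new `if (!r) return false;` branch in checkpasswdHosts rejects the login without recording why, so a crypt() failure looks the same as a wrong password to anyone reading the server log. Consider logging the failure (including errno) before returning, because a NULL from crypt() points at the stored `passwd` value or the crypt() configuration rather than at what the client typed. On style, the declaration and assignment can be a single line, `const char* r = crypt(pass, passwd);`, and the tail of the function can collapse to `return strcmp(r, passwd) == 0;`. If other call sites in hfaxd pass the result of crypt() straight to strcmp(), they need the same NULL check.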