Package: hylafax-server Version: 3:6.0.6-5 Severity: grave Tags: upstream patch Justification: renders package unusable
Dear Maintainer, after installing hylafax-server on a new server clients couldnt connect. Using netcat I found thet the server disconnected immediatedly after entering the password. Debugging the server I found, that a NULL pinter was not handled in User.c++ A patch is included. Sincerely tilo -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages hylafax-server depends on: ii adduser 3.113+nmu3 ii bsd-mailx [mailx] 8.1.2-0.20131005cvs-1 ii debconf [debconf-2.0] 1.5.53 ii exim4-daemon-light [mail-transport-agent] 4.82.1-1+b1 ii ghostscript 9.05~dfsg-8.1 ii hylafax-client 3:6.0.6-5 ii libc6 2.19-5 ii libgcc1 1:4.9.0-10 ii libjbig0 2.0-2.1 ii libpam0g 1.1.8-3 ii libstdc++6 4.9.0-10 ii libtiff-tools 4.0.3-10 ii libtiff5 4.0.3-10 ii lsb-base 4.1+Debian13 ii psmisc 22.21-2 ii sed 4.2.2-4 ii zlib1g 1:1.2.8.dfsg-1 hylafax-server recommends no packages. Versions of packages hylafax-server suggests: pn mgetty <none> pn psrip <none> -- debconf information: hylafax-server/setup_failed: hylafax-server/start_now: true
--- a/hfaxd/User.c++ +++ b/hfaxd/User.c++ @@ -202,7 +202,11 @@ bool HylaFAXServer::checkpasswdHosts (const char* pass) { - if (strcmp(crypt(pass,passwd),passwd) == 0) + char* r; + r = crypt(pass,passwd); + if (!r) + return false; + if (strcmp(r,passwd) == 0) return true; return false;