This alternate patch to qmail-popup.c can be used to limit username/password to a certain number of characters (I've set it to 40). Note that this patch does no logging, and if given a >40 character argument after user or pass, qmail-popup simply dies with an error instead of trying to truncate the oversize username/password and pass it on. In addition, this patch does not require the inclusion of any extra header files. As with any patch, you apply this at your own risk. I cannot take responsibility for any problems this patch may cause your particular qmail installation. That being said, if anyone does apply this then please make sure to let me know how it works for you. --Adam --- qmail-popup.c.orig Mon Jan 24 21:47:05 2000 +++ qmail-popup.c Mon Jan 24 21:56:54 2000 @@ -61,6 +61,7 @@ void die_fork() { err("unable to fork"); die(); } void die_childcrashed() { err("aack, child crashed"); } void die_badauth() { err("authorization failed"); } +void die_over40() { err("username/password >40 chars not allowed"); die(); } void err_syntax() { err("syntax error"); } void err_wantuser() { err("USER first"); } @@ -87,7 +88,12 @@ int child; int wstat; int pi[2]; - + +/* Don't allow passwords over 40 characters */ + + if(str_len(user) >= 40) die_over40(); + if(str_len(pass) >= 40) die_over40(); + if (fd_copy(2,1) == -1) die_pipe(); close(3); if (pipe(pi) == -1) die_pipe();