This alternate patch to qmail-popup.c can be used to limit username/password
to a certain number of characters (I've set it to 40). Note that this patch
does no logging, and if given a >40 character argument after user or pass,
qmail-popup simply dies with an error instead of trying to truncate the
oversize username/password and pass it on.
In addition, this patch does not require the inclusion of any extra header
files.
As with any patch, you apply this at your own risk. I cannot take
responsibility for any problems this patch may cause your particular qmail
installation.
That being said, if anyone does apply this then please make sure to let me
know how it works for you.
--Adam
--- qmail-popup.c.orig Mon Jan 24 21:47:05 2000
+++ qmail-popup.c Mon Jan 24 21:56:54 2000
@@ -61,6 +61,7 @@
void die_fork() { err("unable to fork"); die(); }
void die_childcrashed() { err("aack, child crashed"); }
void die_badauth() { err("authorization failed"); }
+void die_over40() { err("username/password >40 chars not allowed"); die(); }
void err_syntax() { err("syntax error"); }
void err_wantuser() { err("USER first"); }
@@ -87,7 +88,12 @@
int child;
int wstat;
int pi[2];
-
+
+/* Don't allow passwords over 40 characters */
+
+ if(str_len(user) >= 40) die_over40();
+ if(str_len(pass) >= 40) die_over40();
+
if (fd_copy(2,1) == -1) die_pipe();
close(3);
if (pipe(pi) == -1) die_pipe();
