Re: [vchkpw] Error when vpopmail is autocreating a user

[Tom Collins]

On Jan 8, 2004, at 7:12 AM, Shane Chrisp wrote:
I have found that the bug begins as of 5.3.29 and is present in all
versions up to the latest 5.4.0-rc1.
We've got a tracker for this going on SourceForge,  
<https://sourceforge.net/tracker/index.php? 
func=detail&aid=873007&group_id=85937&atid=577798>

Here's my latest entry:

----------------------
If you suspect:
r_chown(".", uid, gid);

try replacing it with:

chdir("..");
r_chown(username, uid, gid);
But I doubt that's it -- the error indicates that r_chown() is being  
called with "¨ßB¨ßBopmail/domains/cwispy.com/test" as the path.

I'm thinking that there's buffer overflow, or some other issue that is  
causing the directory name to be overwritten with random data.  Perhaps  
a function buffer that should be static, but isn't.

Maybe vmake_maildir(), or code just before it, since it calls r_chown()  
with a fully qualified path?  Or it could be a problem with the code  
that reads in the pathname?

What is the auth backend, and what does the user's entry look like?  We  
might be barking up the wrong tree here -- if it's munged in the auth,  
then we need to back up even further.
----------------------

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/