Patch for checking password length. Bye Rick
--- vpopmail.c 2005-05-23 18:12:36.000000000 +0200 +++ /home/rick/sorgenti/vpopmail-5.4.12/vpopmail.c 2006-03-17 14:52:01.000000000 +0100 @@ -457,7 +457,11 @@ if ( strlen(domain) > MAX_PW_DOMAIN ) return(VA_DOMAIN_NAME_TOO_LONG); if ( strlen(domain) < 3) return(VA_INVALID_DOMAIN_NAME); + if ( strlen(password) > MAX_PW_PASS ) return(VA_PASSWD_TOO_LONG); +#ifdef CLEAR_PASS if ( strlen(password) > MAX_PW_CLEAR_PASSWD ) return(VA_PASSWD_TOO_LONG); +#endif + if ( strlen(gecos) > MAX_PW_GECOS ) return(VA_GECOS_TOO_LONG); umask(VPOPMAIL_UMASK); @@ -1350,7 +1354,11 @@ if ( strlen(username) == 1 ) return(VA_ILLEGAL_USERNAME); #endif if ( strlen(domain) > MAX_PW_DOMAIN ) return(VA_DOMAIN_NAME_TOO_LONG); - if ( strlen(password) > MAX_PW_CLEAR_PASSWD ) return(VA_PASSWD_TOO_LONG); + + if ( strlen(password) > MAX_PW_PASS ) return(VA_PASSWD_TOO_LONG); +#ifdef CLEAR_PASS + if ( strlen(password) > MAX_PW_CLEAR_PASSWD ) return(VA_PASSWD_TOO_LONG); +#endif lowerit(username); lowerit(domain);