p/t_strdup_until wasn't returning a terminated string:

Index: src/lib/strfuncs.c ==================================================================RCS file: /home/cvs/dovecot/src/lib/strfuncs.c,v retrieving revision 1.41 diff -u -p -r1.41 strfuncs.c --- src/lib/strfuncs.c 18 Jul 2004 01:44:59 -0000 1.41 +++ src/lib/strfuncs.c 31 Jul 2004 08:43:35 -0000 @@ -154,6 +154,7 @@ char *p_strdup_until(pool_t pool, const mem = p_malloc(pool, size + 1); memcpy(mem, start, size); + mem[size] = '\0'; return mem; }

Noticed while testing $-terminated modular crypt strings, because
I didn't (and still don't) understand the reason for line 65 of
password-scheme.c;

    ...
    /* stop at next '$' */
    p = strchr(p+3, '$');
    if (p != NULL)
        *password = t_strdup_until(*password, p);
    ...

and I have ln -s 'J' /etc/malloc.conf on freebsd 5-current, so
malloc'd memory isn't zeroed, causing a segfault.

Is there some system that appends dollar signs to MCF formats?
The commit message for r1.3 of password-scheme.c doesn't explain.

Joshua.

--
Joshua Goodall "as modern as tomorrow afternoon"
joshua at roughtrade.net - FW109
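
Review bot: the hunk touches only p_strdup_until although the subject names p/t_strdup_until; if t_strdup_until has its own allocate-and-memcpy path rather than calling this function, it needs the same `mem[size] = '\0';`. A one-line comment at the new assignment saying whether p_malloc() is expected to return zeroed memory would also let a reader tell whether the explicit terminator is defensive or required.
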
On Sat, 2004-07-31 at 19:01 +1000, Joshua Goodall wrote:
> p/t_strdup_until wasn't returning a terminated string:

> mem = p_malloc(pool, size + 1); > memcpy(mem, start, size); > + mem[size] = '\0'; > return mem;

It does, because p_malloc() always allocates zero-filled memory area. Or doesn't it in some conditions?

> Noticed while testing $-terminated modular crypt strings, because
> I didn't (and still don't) understand the reason for line 65 of
> password-scheme.c;
> ...
> /* stop at next '$' */
> p = strchr(p+3, '$');
> if (p != NULL)
>     *password = t_strdup_until(*password, p);
> ...
> and I have ln -s 'J' /etc/malloc.conf on freebsd 5-current, so
> malloc'd memory isn't zeroed, causing a segfault.

Shouldn't segfault there.. t_strdup_until() anyway doesn't ever even reach to \0 character. Or where exactly does it crash?

> Is there some system that appends dollar signs to MCF formats?
> The commit message for r1.3 of password-scheme.c doesn't explain.

Well .. I don't have any MD5 passwords now so I'm not exactly sure if it's doing right. The code looks like it's expecting a string "$1$salt$password$" and it returns "$1$salt$password". password_generate_md5_crypt() seems to be able to deal with it. Linux's crypt(3) man page says glibc adds the $ in the end.
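
The point the thread turns on, whether a copy-until routine may leave its terminator to the allocator, shown as an added example that is not Dovecot code and is not part of either message. junk_alloc, JUNK, dup_until, is_terminated and mcf_strip_trailing_dollar are hypothetical names; the allocator is a plain malloc wrapper rather than Dovecot's pool API, and the MCF helper is a simplified stand-in for the password-scheme.c logic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define JUNK 0xA5 /* constructed fill byte; stands in for a malloc that junk-fills */

/* Hypothetical allocator that never hands back zeroed memory. */
static void *junk_alloc(size_t n)
{
    void *mem = malloc(n);
    if (mem != NULL)
        memset(mem, JUNK, n);
    return mem;
}

/* Copy [start, end). terminate == 0 leaves the last byte to the allocator. */
char *dup_until(const char *start, const char *end, int terminate)
{
    size_t size = (size_t)(end - start);
    char *mem = junk_alloc(size + 1);
    if (mem == NULL)
        return NULL;
    memcpy(mem, start, size);
    if (terminate)
        mem[size] = '\0';
    return mem;
}

/* 1 if mem[size] is NUL. Reads only inside the size + 1 byte buffer. */
int is_terminated(const char *mem, size_t size)
{
    return mem != NULL && mem[size] == '\0';
}

/* Drop one trailing '$' from an MCF string, e.g. "$1$salt$password$". */
char *mcf_strip_trailing_dollar(const char *mcf)
{
    size_t len = strlen(mcf);
    if (len > 0 && mcf[len - 1] == '$')
        len--;
    return dup_until(mcf, mcf + len, 1);
}

int main(void)
{
    char *out = mcf_strip_trailing_dollar("$1$salt$password$"); /* constructed input */
    if (out != NULL)
        puts(out);
    free(out);
    return 0;
}
```
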