Re: imapd/ipop3d coredump - the patch.

Michael Douglass (mikedoug@TEXAS.NET)
Thu, 05 Feb 1998 11:42:31 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: tl: "Re: Windows 95 Serv-U FTP bug"
Previous message: Alan Brown admin access: "Wingate abuse problems continue."
Maybe in reply to: raf@licj.....: "imapd/ipop3d coredump - the patch."

On Thu, Feb 05, 1998 at 09:45:38AM +0200, raf@licj..... (Bugtraq Mirror) said:

> - if (!(pw && pw->pw_uid)) return NIL;

> + if (!(pw)) return NIL;
> + if (!(pw->pw_uid)) return NIL;

> ... why do we need "optimisations" when authentificating users ???? :)
> and btw: in original version root was still able to log in...

You are very incorrect here. Both your version and the original
version do the exact same thing: If pw = valid_addr && pw->pw_uid
= 0 then it would return NIL; which would deny root.

However, the _readable_ way to write this would be:

if( !pw || !pw->pw_uid ) return NIL;

This stops if pw is not valid or if pw->pw_uid is 0. This is exactly
the same as the frist statement since:

!(A && B) == !A || !B

...only much more readable.

--
Michael Douglass
Texas Networking, Inc.

<tnet admin> anyway, I'm off, perl code is making me [a] crosseyed toady

Next message: tl: "Re: Windows 95 Serv-U FTP bug"
Previous message: Alan Brown admin access: "Wingate abuse problems continue."
Maybe in reply to: raf@licj.....: "imapd/ipop3d coredump - the patch."