[Tickets #4505] NEW: Missing error checks on fgets and fputs in poppassd.php driver
bugs@bugs.horde.org
bugs at bugs.horde.org
Sun Oct 8 09:58:02 PDT 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=4505
-----------------------------------------------------------------------
Ticket | 4505
Created By | horde at koornneef.net
Summary | Missing error checks on fgets and fputs in poppassd.php driver
Queue | Passwd
Version | 3.0
Type | Bug
State | Unconfirmed
Priority | 2. Medium
Owners |
+New Attachment | poppassd.diff.txt
-----------------------------------------------------------------------
horde at koornneef.net (2006-10-08 09:58) wrote:
The poppassd driver is missing some error checks on the fgets and fputs
commands.
I'm running poppassd from inetd (on Debian 3.1) and am restricting access
to it with hosts.allow and hosts.deny
If you block access to poppassd completely (e.g., "poppassd: ALL" in
/etc/hosts.deny), then Passwd will report succes, even though the change
failed. This is because it can connect to the service (i.e., open a
socket), but not use it. The 200 welcome code is also not sent to the
client.
So, after sending the user command, the service returns nothing. The
poppassd.php code does not check this however.
I have created a small patch that fixes this, which I'll attach to this
bugreport.
regards,
Leander
More information about the bugs
mailing list