[#4505] Missing error checks on fgets and fputs in poppassd.php driver
| Summary | Missing error checks on fgets and fputs in poppassd.php driver |
| Queue | Passwd |
| Queue Version | 3.0 |
| Type | Bug |
| State | Resolved |
| Priority | 2. Medium |
| Owners | |
| Requester | horde (at) koornneef (dot) net |
| Created | 10/08/2006 (581 days ago) |
| Due | |
| Updated | 10/09/2006 (580 days ago) |
| Assigned | |
| Resolved | 10/09/2006 (580 days ago) |
| Attachments | poppassd.diff.txt  |
| Milestone | |
| Patch |
State ⇒ Resolved
Tweaked and committed, thanks.State ⇒ Unconfirmed
Queue ⇒ Passwd
New Attachment: poppassd.diff.txt
Type ⇒ Bug
Priority ⇒ 2. Medium
Summary ⇒ Missing error checks on fgets and fputs in poppassd.php driver
The poppassd driver is missing some error checks on the fgets and fputs commands.
I'm running poppassd from inetd (on Debian 3.1) and am restricting access to it with hosts.allow and hosts.deny
If you block access to poppassd completely (e.g., "poppassd: ALL" in /etc/hosts.deny), then Passwd will report succes, even though the change failed. This is because it can connect to the service (i.e., open a socket), but not use it. The 200 welcome code is also not sent to the client.
So, after sending the user command, the service returns nothing. The poppassd.php code does not check this however.
I have created a small patch that fixes this, which I'll attach to this bugreport.
regards,
Leander