blob: 12fa9ecc2e5d28a024c21d4c3e56d6aebfb09e62 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
diff -upr cmd5checkpw-0.30.orig/main.c cmd5checkpw-0.30/main.c
--- cmd5checkpw-0.30.orig/main.c 2003-09-18 16:34:01.000000000 +0300
+++ cmd5checkpw-0.30/main.c 2005-07-31 13:19:25.000000000 +0300
@@ -5,6 +5,7 @@
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>
+#include <sys/types.h>
#define LINE_MAX 256
#define SASLUSERFILE "/var/qmail/users/authuser"
@@ -23,10 +24,26 @@ int doit(unsigned char *testlogin, unsig
unsigned char h;
FILE *fp;
int j;
-
+ uid_t uid;
+ gid_t gid;
char *linepnt;
if ((fp = fopen(SASLUSERFILE, READONLY)) == NULL) _exit(2);
+
+ uid = getuid();
+ gid = getgid();
+
+ if (gid != getegid()) {
+ if (setegid(gid))
+ _exit(2);
+ }
+
+
+ if (uid && (uid != geteuid())) {
+ if (seteuid(uid))
+ _exit(2);
+ }
+
while (fgets(line, LINE_MAX, fp) != NULL) {
if ((linepnt = strchr(line, '\n')) != NULL) {
*linepnt = 0;
@@ -39,7 +56,8 @@ int doit(unsigned char *testlogin, unsig
break;
}
}
- fclose(fp);
+
+ if (EOF == fclose(fp)) _exit(2);
if (!found_user) return(1);
|