

4 messages in net.sourceforge.lists.courier-sqwebmail: Re: [sqwebmail] (no subject)

| From | Sent On | Attachments |
|---|---|---|
| Pawel Tecza | Aug 11, 2006 3:46 am | .gz |
| Pawel Tecza | Aug 11, 2006 3:55 am | |
| Sam Varshavchik | Aug 11, 2006 7:04 pm | |
| Pawel Tecza | Aug 14, 2006 7:05 am | |

| Subject: | Re: [sqwebmail] (no subject) |
|---|---|
| From: | Sam Varshavchik (mrs...@courier-mta.com) |
| Date: | Aug 11, 2006 7:04:19 pm |
| List: | net.sourceforge.lists.courier-sqwebmail |

Pawel Tecza writes:
> Hi Sam,
>
> We have discovered two little white spaces related bugs:
>
> 1. If a user tries to login and types by accident white space(s) after his username, then he can see following error message:
>
> Unable to access your mailbox, sqwebmail permissions may be wrong.
>
> In the Courier log I have found:
>
> ```
> Aug 10 12:09:03 localhost authdaemond: authmysql: trying this module
> Aug 10 12:09:03 localhost authdaemond: SQL query: SELECT ulp.local_part, u.cryptpw, u.clearpw, u.uid, u.gid, u.home, '', u.quota, u.fullname FROM users AS u, user_local_part AS ulp WHERE u.user_id=ulp.user_id AND ulp.local_part='ptecza '
> [...]
> Aug 10 12:09:03 localhost authdaemond: password matches successfully
> [...]
> Aug 10 12:09:04 localhost sqwebmaild: LOGIN, user=ptecza , ip=[10.1.1.100]
> Aug 10 12:09:06 localhost authdaemond: received userid lookup request: ptecza+++
> Aug 10 12:09:06 localhost authdaemond: authmysql: trying this module
> Aug 10 12:09:06 localhost authdaemond: SQL query: SELECT ulp.local_part, u.cryptpw, u.clearpw, u.uid, u.gid, u.home, '', u.quota, u.fullname FROM users AS u, user_local_part AS ulp WHERE u.user_id=ulp.user_id AND ulp.local_part='ptecza+++'
> [...]
> Aug 10 12:09:06 localhost authdaemond: zero rows returned
> Aug 10 12:09:06 localhost authdaemond: authmysql: REJECT - try next module
> ```
>
> 2. If a user wants to create or rename folder and types by accident white space(s) after foldername, then he can do it. So, he can create many folders with the same prefix, but different number of trailing spaces and all of them look the same at "Folders" page :D
>
> My patch solves the bugs by trimming trailing (and also leading) white spaces from username/foldername string. If you want you can apply it.
>
> Have a cool day ;)

You have a number of problems here.
There are a number of portability problems in trim_spaces(). The Linux man page for strcpy() says "The strings may not overlap", and on other systems the man page likely says the same thing.
You also have another portability problem when the original string is empty. One of your pointers will be temporarily set to one byte before the beginning of the string. The pointer will never get dereferenced, this is non-portable. I can't imagine this causing any problems on any modern platform, but this is a no-no for portable code.
You must always keep in mind, whatever you do, that just because it works on your system, that doesn't mean it will work on everyone else's system as well.
[…]
Stripping spaces from the username is fine. The way you're doing it for the foldername is not right. The way you've done it, if there's an existing folder with trailing spaces, your patch will break. Break horribly.
The only thing you need to do is prevent the folder from being created. If a folder already exists, don't touch it. Don't touch folder_utf7. Instead, prevent this folder from being created. In folder.c:

```c
if (*cgi("do.create"))
{
        const char *newfoldername=cgi("foldername");
```

Fix it right here.

```c
const char *r=cgi("renametoname");
```

And here.
If the folder already exists, leave it alone. File it under the "Doctor, it hurts when I do this/Well, don't do that, then" category.
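
The two portability points in this reply (overlapping `strcpy()` and a pointer stepping before the start of the string) and the "refuse the name, don't rewrite it" advice, as an added example; this is neither the submitted patch nor Courier's code. The function names are hypothetical, and treating an empty folder name as unacceptable is an assumption.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical helper (not Courier's code): trim leading and trailing
 * white space in place and return s. Suitable for the login name. */
char *trim_spaces_portable(char *s)
{
    size_t start = 0, len = strlen(s);

    /* Work with indexes: len stops at 0, so no pointer is ever formed
     * before the start of the buffer, even for "" or an all-space string. */
    while (len > 0 && isspace((unsigned char)s[len - 1]))
        len--;
    while (start < len && isspace((unsigned char)s[start]))
        start++;

    /* Source and destination overlap, so memmove(), not strcpy(). */
    if (start > 0)
        memmove(s, s + start, len - start);
    s[len - start] = '\0';
    return s;
}

/* Hypothetical check for the folder create/rename path: returns 1 if the
 * new name may be used, 0 if it is empty (assumption) or has leading or
 * trailing white space. The caller refuses the request on 0 and never
 * rewrites the name of a folder that already exists. */
int folder_name_acceptable(const char *name)
{
    size_t len = strlen(name);

    if (len == 0)
        return 0;
    return !isspace((unsigned char)name[0]) &&
           !isspace((unsigned char)name[len - 1]);
}
```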







