Subject: poppass-cgi: Expects specific textual responses from poppass server Package: poppass-cgi Version: 3-4 Severity: normal
*** Please type your report below this line *** poppass-cgi does not look only at the numbers, namely 200 and 500, in the poppass server's responses, but actually looks into the strings, expecting to see things like "poppassd", "new password", etc. This contradicts Steve Dorner's description of the protocol (which can be found in the beginning of poppassd.c) as well as the established practice in FTP and HTTP. I located this problem because I'm writing a replacement for poppassd, which shows different messages; to take the most obvious example, when it introduces itself it says 200 pypoppassd ... rather than 200 poppassd ... poppass-cgi should look at the numbers only and determine what is need from the order, which is user-pass-newpass-quit. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-686 Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages poppass-cgi depends on: ii libwww-perl 5.805-1 WWW client/server library for Perl ii perl 5.8.8-7 Larry Wall's Practical Extraction ii perl-modules [libcgi-pm-perl] 5.8.8-7 Core Perl modules poppass-cgi recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
