From: 
       "Chad" <chad@bwn.net>
                                                  01/24/01 16:40

 Subject:
       Re: cyrus-sasl-1.5.24
    To: 
       "DMZ" <dmz@dmzs.com>




Found a patch for cyrus-1.5.24; Matthew Billings also added his
security fix to it.

Here is the code, in case you want it.

checkpw.c from lib directory of cyrus-sasl-1.5.24

/* DMZ mysql auth 12/29/1999
 * Updated to 1.5.24 by SWH 09/12/2000
 * changed to malloc qbuf Simon Loader 10/21/2000
 */

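/*
 * printf-style template for the account lookup.
 *   first  %s - table name
 *   second %s - user id; it sits inside single quotes, so the caller must
 *               SQL-escape it before formatting
 *
 * The literal is kept on one line: a string literal cannot span source
 * lines, and the mail-wrapped form of this listing does not compile.
 *
 * NOTE(review): both branches expand to the same query, so defining
 * USE_CRYPT_PASSWORD does not change what is selected here.
 */
#ifdef USE_CRYPT_PASSWORD
#define QUERY_STRING    "select emailaddr,password from %s where emailaddr = '%s'"
#else
#define QUERY_STRING    "select emailaddr,password from %s where emailaddr = '%s'"
#endif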

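/*
 * Check a userid/password pair against the MySQL accounts table.
 *
 * conn        SASL connection; not used by this function.
 * userid      login name supplied by the client (untrusted input).
 * password    password supplied by the client (untrusted input).
 * service     unused.
 * user_realm  unused.
 * reply       optional; on some failures it is pointed at a static
 *             diagnostic string, otherwise it is set to NULL.
 *
 * Returns SASL_OK when exactly one row matches userid and its password
 * column equals password, SASL_BADAUTH when the credentials are rejected,
 * and SASL_FAIL when the database cannot be reached or queried or memory
 * cannot be allocated.
 */
static int mysql_verify_password(sasl_conn_t *conn,
                                 const char *userid,
                                 const char *password,
                                 const char *service __attribute__((unused)),
                                 const char *user_realm __attribute__((unused)),
                                 const char **reply)
{
    /*
     * Connection settings are compiled in.
     * NOTE(review): db_passwd is empty and db_host is 0.0.0.0 in this
     * listing - presumably placeholders to be edited before building;
     * confirm, and prefer a dedicated database account that can only
     * SELECT from the accounts table.
     */
    const char *db_user = "huh";
    const char *db_passwd = "";
    const char *db_host = "0.0.0.0";
    const char *db_database = "smtpauth";
    const char *db_table = "accounts";
    MYSQL mysql;
    MYSQL *sock;
    MYSQL_RES *result = NULL;
    MYSQL_ROW row;
    char *esc_userid = NULL;
    char *qbuf = NULL;
    size_t userid_len;
    size_t qbuf_len;
    unsigned long esc_len;
    unsigned long long numrows;
    int rc = SASL_BADAUTH;

    (void)conn;

    if (!userid || !password) {
        return SASL_BADAUTH;
    }
    /* Cast first: passing a negative char to isalnum() is undefined. */
    if (!isalnum((unsigned char)userid[0])) {
        return SASL_BADAUTH;
    }
    if (reply) { *reply = NULL; }

    sock = mysql_connect(&mysql, db_host, db_user, db_passwd);
    if (!sock) {
        if (reply) { *reply = "cannot connect to MySQL server"; }
        return SASL_FAIL;
    }

    /* The client library reports failure as any non-zero value. */
    if (mysql_select_db(sock, db_database) != 0) {
        if (reply) { *reply = "cannot select MySQL database"; }
        rc = SASL_FAIL;
        goto done;
    }

    /*
     * Only the first byte of userid was checked above, and the value is
     * placed inside a quoted SQL literal, so it is escaped before the
     * query is built. Escaping can double the length; the bound keeps
     * the size arithmetic below from wrapping.
     */
    userid_len = strlen(userid);
    if (userid_len > (size_t)-1 / 4) {
        goto done;
    }
    esc_userid = malloc(2 * userid_len + 1);
    if (esc_userid == NULL) {
        if (reply) { *reply = "cannot malloc memory for sql query"; }
        rc = SASL_FAIL;
        goto done;
    }
    esc_len = mysql_real_escape_string(sock, esc_userid, userid,
                                       (unsigned long)userid_len);
    if (esc_len == (unsigned long)-1) {
        rc = SASL_FAIL;
        goto done;
    }

    /* strlen(QUERY_STRING) still counts both "%s", so this over-allocates
     * by a few bytes rather than under-allocating. */
    qbuf_len = strlen(QUERY_STRING) + strlen(db_table) + (size_t)esc_len + 1;
    qbuf = malloc(qbuf_len);
    if (qbuf == NULL) {
        if (reply) { *reply = "cannot malloc memory for sql query"; }
        rc = SASL_FAIL;
        goto done;
    }
    snprintf(qbuf, qbuf_len, QUERY_STRING, db_table, esc_userid);

    if (mysql_query(sock, qbuf) != 0 ||
        !(result = mysql_store_result(sock))) {
        rc = SASL_FAIL;
        goto done;
    }

    /* Exactly one account row may match; anything else is rejected. */
    numrows = (unsigned long long)mysql_num_rows(result);
    if (numrows != 1) {
        if (numrows > 1 && reply) {
            *reply = "Detected duplicate entries for user";
        }
        goto done;
    }

    /*
     * The address returned by the server is compared again byte for byte,
     * since SQL '=' may be looser than exact equality depending on the
     * column's collation. A missing row or a NULL column is a failed
     * login, not a crash.
     *
     * NOTE(review): the stored password is compared as plaintext with
     * strcmp(), which is not a constant-time comparison; crypt() is never
     * applied even when USE_CRYPT_PASSWORD is defined. Storing salted
     * hashes and comparing those would be the safer design.
     */
    row = mysql_fetch_row(result);
    if (row && row[0] && row[1] &&
        strcmp(row[0], userid) == 0 &&
        strcmp(row[1], password) == 0) {
        rc = SASL_OK;
    }

done:
    /* Single exit path: every return after connect releases everything. */
    if (result) {
        mysql_free_result(result);
    }
    free(qbuf);
    free(esc_userid);
    mysql_close(sock);
    return rc;
}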
#endif /* HAVE_MYSQL */

