Clean up after Gretzinger: cl->kname is not valid unless cl->clname is

non-NULL.

diff --git a/server/qrtn.qc b/server/qrtn.qc
index 505ae17646c55047abe7f6bbd7834e82bb055d58..10e31d36ddaaec52f4cb470f846815dfaf27c772 100644 (file)
--- a/server/qrtn.qc
+++ b/server/qrtn.qc
@@ -6,10 +6,18 @@
  *     Copyright (C) 1987 by the Massachusetts Institute of Technology
  *
  *     $Log$
- *     Revision 1.11  1987-09-01 16:10:01  wesommer
- *     This change was made by Mike, who didn't feel like checking it in.
- *     Temp hack: ignore instances.
+ *     Revision 1.12  1987-09-12 20:42:11  wesommer
+ *     Clean up after Gretzinger: cl->kname is not valid unless cl->clname is
+ *     non-NULL.
  *
+ * Revision 1.12  87/09/12  20:06:46  wesommer
+ * Fix security hole/null dereference bug: if clname is NULL, return
+ * permission denied in get_client.
+ * 
+ * Revision 1.11  87/09/01  16:10:01  wesommer
+ * This change was made by Mike, who didn't feel like checking it in.
+ * Temp hack: ignore instances.
+ * 
  * Revision 1.10  87/08/28  14:57:51  mike
  * Modified sms_query to not enclose RETRIEVE queries in begin/end transaction.
  * This was necessary to allow get_all_poboxes and get_groups_of_all_users
@@ -488,6 +496,9 @@ get_client(cl, client_type, client_id)
 ##  char *name;
 ##  int rowcount;
 
+    if (cl->clname == NULL)
+       return SMS_PERM;
+    
     /* for now ignore instances */
     krb = &cl->kname;