]> git.ipfire.org Git - thirdparty/dovecot/core.git/commit
projects / thirdparty / dovecot / core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3d99535) | patch
auth: Don't allow auth clients to set internal auth request fields.
authorTimo Sirainen <tss@iki.fi>
Fri, 18 Nov 2011 20:07:16 +0000 (22:07 +0200)
committerTimo Sirainen <tss@iki.fi>
Fri, 18 Nov 2011 20:07:16 +0000 (22:07 +0200)
commitab122a3bbae3b5fd2aad66e2f2840149d98cee52
tree48c9fe69b9476f71d78d06128f306c9c5f442aadtree | snapshot
parent3d99535d3e840267cbce05c0155f0fcf402f2dc4commit | diff
auth: Don't allow auth clients to set internal auth request fields.
This could have allowed attacker to bypass authentication if login process
was first successfully attacked to allow arbitrary code execution.
src/auth/auth-master-connection.c diff | blob | blame | history
src/auth/auth-request-handler.c diff | blob | blame | history
src/auth/auth-request.c diff | blob | blame | history
src/auth/auth-request.h diff | blob | blame | history
Mirror of https://github.com/dovecot/core.git