doveadm-server: Do not crash if empty data in authorization

diff --git a/src/doveadm/client-connection-http.c b/src/doveadm/client-connection-http.c
index b2af80f4e8f6e0c54536c19060e87ec31d560f19..cf273963a6740962f9233eadaf265366a435489a 100644 (file)
--- a/src/doveadm/client-connection-http.c
+++ b/src/doveadm/client-connection-http.c
@@ -653,13 +653,13 @@ doveadm_http_server_authorize_request(struct client_connection_http *conn)
                        string_t *b64_value = str_new(conn->client.pool, 32);
                        char *value = p_strdup_printf(conn->client.pool, "doveadm:%s", conn->client.set->doveadm_password);
                        base64_encode(value, strlen(value), b64_value);
-                       if (strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE;
+                       if (creds.data != NULL && strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE;
                        else i_error("Invalid authentication attempt to HTTP API");
                }
                else if (strcasecmp(creds.scheme, "X-Dovecot-API") == 0 && doveadm_settings->doveadm_api_key[0] != '\0') {
                        string_t *b64_value = str_new(conn->client.pool, 32);
                        base64_encode(doveadm_settings->doveadm_api_key, strlen(doveadm_settings->doveadm_api_key), b64_value);
-                       if (strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE;
+                       if (creds.data != NULL && strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE;
                        else i_error("Invalid authentication attempt to HTTP API");
                }
                else i_error("Unsupported authentication scheme to HTTP API");