auth: Fail authentication if username/password contains NULs
authorMarkus Valentin <markus.valentin@open-xchange.com>
Wed, 25 Mar 2020 12:48:13 +0000 (13:48 +0100)
committertimo.sirainen <timo.sirainen@open-xchange.com>
Fri, 24 Apr 2020 12:00:22 +0000 (12:00 +0000)
In mech-plain and mech-dovecot-token the number of NULs splitting the
fields could have been higher than expected. This change ensures that if
there are more than the expected number of NULs, the authentication will
fail.

src/auth/mech-dovecot-token.c
src/auth/mech-plain.c

index 55ca3e19acde7f862274244eb97776f5481fa578..9b70a4e9186acd8da0ffda84e5ae0451064f62b8 100644 (file)
@@ -30,12 +30,13 @@ mech_dovecot_token_auth_continue(struct auth_request *request,
                                username = (const char *)data + i;
                        else if (count == 3)
                                session_id = (const char *)data + i;
-                       else {
+                       else if (count == 4) {
                                len = data_size - i;
                                auth_token = p_strndup(unsafe_data_stack_pool,
                                                       data+i, len);
-                               break;
                        }
+                       else
+                               break;
                }
        }       
 
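Review bot: The new `else break;` that runs when count exceeds 4 carries no statement of intent, and whether the extra NUL actually fails the authentication depends on a count check after the loop that is outside this hunk, so I would comment it: `/* more than four NUL-separated fields: leave count > 4 so the post-loop check (presumably) rejects the request */`. Note that auth_token has already been duplicated at count == 4 with `len = data_size - i`, so after this change the loop keeps scanning the token bytes only to detect a fifth NUL; a short comment on the `else if (count == 4)` branch saying why the `break` moved would save the next reader from wondering whether the continued scan is a mistake. mech_dovecot_token_auth_continue starts before and ends after this hunk. The mech-plain.c hunk below has the same shape and would take the same two comments, but its tail is cut off on this page.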
index 344cbe1bf8ed932d5ec635b76fade0fa4d6d8ea6..1e21e7e3267af425bf2f483f9be169edad9e4377 100644 (file)
@@ -24,13 +24,14 @@ mech_plain_auth_continue(struct auth_request *request,
                if (data[i] == '\0') {
                        if (++count == 1)
                                authenid = (const char *) data + i+1;
-                       else {
+                       else if (count == 2) {
                                i++;
                                len = data_size - i;
                                pass = p_strndup(unsafe_data_stack_pool,
                                                 data+i, len);
-                               break;
                        }
+                       else
+                               break;
                }
        }