]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f8d9e6c)
lib-imap-urlauth: Fix segfault occurring when userid part is missing for "user+"...
authorStephan Bosch <stephan.bosch@dovecot.fi>
Wed, 31 Jan 2018 21:14:49 +0000 (22:14 +0100)
committerTimo Sirainen <timo.sirainen@dovecot.fi>
Thu, 1 Feb 2018 08:45:46 +0000 (10:45 +0200)
src/lib-imap-urlauth/imap-urlauth.c patch | blob | blame | history

diff --git a/src/lib-imap-urlauth/imap-urlauth.c b/src/lib-imap-urlauth/imap-urlauth.c
index b4f8ca4cba957e5516c36c3f6dfd814a92a1d8a5..39b58d3d72edcf2aaf3ee5671a4fc88f9495dd4d 100644 (file)
--- a/src/lib-imap-urlauth/imap-urlauth.c
+++ b/src/lib-imap-urlauth/imap-urlauth.c
@@ -165,6 +165,10 @@ imap_urlauth_check_access(struct imap_urlauth_context *uctx,
                /* these access types are only allowed if URL is accessed through imap */
                if (strcasecmp(url->uauth_access_application, "user") == 0) {
                        /* user+<access_user> */
+                       if (url->uauth_access_user == NULL) {
+                               *error_r = "URLAUTH `user' access is missing userid";
+                               return FALSE;
+                       }
                        if (!uctx->access_anonymous ||
                                  strcasecmp(url->uauth_access_user, uctx->access_user) == 0)
                                return TRUE;
@@ -189,6 +193,9 @@ imap_urlauth_check_access(struct imap_urlauth_context *uctx,
                                "No '%s%s' access allowed for submission service",
                                url->uauth_access_application, userid);
                        return FALSE;
+               } else if (url->uauth_access_user == NULL) {
+                       *error_r = "URLAUTH `submit' access is missing userid";
+                       return FALSE;
                } else if (!uctx->access_anonymous &&
                        strcasecmp(url->uauth_access_user, uctx->access_user) == 0) {
                        return TRUE;
Mirror of https://github.com/dovecot/core.git