]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 37ed92c)
*-login: Session ID generator wasn't encoding remote port number correctly to it.
authorTimo Sirainen <tss@iki.fi>
Sun, 27 Sep 2015 18:25:59 +0000 (21:25 +0300)
committerTimo Sirainen <tss@iki.fi>
Sun, 27 Sep 2015 18:25:59 +0000 (21:25 +0300)
The upper 8bits of the port number were always written as 0.
This could have lead to duplicate session ID strings in some rare cases.
Found by Coverity.

src/login-common/client-common.c patch | blob | blame | history

diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c
index e525470cc98b87a96f9dd7be3543fb6d69bd9654..91928d60b47d0d6813b3a3866e1270a912ba07a4 100644 (file)
--- a/src/login-common/client-common.c
+++ b/src/login-common/client-common.c
@@ -453,7 +453,7 @@ const char *client_get_session_id(struct client *client)
                buffer_append_c(buf, (timestamp >> i) & 0xff);
 
        buffer_append_c(buf, client->remote_port & 0xff);
-       buffer_append_c(buf, (client->remote_port >> 16) & 0xff);
+       buffer_append_c(buf, (client->remote_port >> 8) & 0xff);
 #ifdef HAVE_IPV6
        if (IPADDR_IS_V6(&client->ip))
                buffer_append(buf, &client->ip.u.ip6, sizeof(client->ip.u.ip6));
Mirror of https://github.com/dovecot/core.git