auth: Fix auth-policy crash when username is NULL
authorAki Tuomi <aki.tuomi@dovecot.fi>
Wed, 23 Nov 2016 11:16:19 +0000 (13:16 +0200)
committerAki Tuomi <aki.tuomi@dovecot.fi>
Wed, 23 Nov 2016 11:16:19 +0000 (13:16 +0200)
If the SASL request is invalid or incomplete and the username
is left NULL, handle it gracefully by adding just a
NUL byte to the auth policy digest for the username.

src/auth/auth-policy.c

index 27cedbabd08a88123168da56861ae7a21282167e..26131e791d97a9c68fdfa03f3af5f8e067206841 100755 (executable)
@@ -442,7 +442,10 @@ void auth_policy_create_json(struct policy_lookup_ctx *context,
                context->set->policy_hash_nonce,
                strlen(context->set->policy_hash_nonce));
        /* use +1 to make sure \0 gets included */
-       digest->loop(ctx, context->request->user, strlen(context->request->user) + 1);
+       if (context->request->user == NULL)
+               digest->loop(ctx, "\0", 1);
+       else
+               digest->loop(ctx, context->request->user, strlen(context->request->user) + 1);
        if (password != NULL)
                digest->loop(ctx, password, strlen(password));
        ptr = (unsigned char*)str_c_modifiable(buffer);
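Review bot: The new NULL branch at `digest->loop(ctx, "\0", 1);` feeds the digest exactly the bytes an empty username would (`strlen("") + 1` is also a single NUL), so a missing username and an empty one are indistinguishable in the policy hash, and when `password` is also NULL the digest depends only on the nonce. That is probably acceptable, but it deserves a comment beside the branch, e.g. `/* NULL user (invalid/incomplete SASL) is hashed like "" */`, so that whoever consumes these hashes on the policy side knows such requests all share one value. The branch could also be collapsed by normalising first: `const char *user = context->request->user != NULL ? context->request->user : "";` followed by a single `digest->loop(ctx, user, strlen(user) + 1);`. auth_policy_create_json continues outside the hunk, so any later use of `context->request->user` in it should be checked for the same NULL case.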