If server response unexpectedly contains embedded NULs, fail
authentication.
#include "dsasl-client.h"
+enum dsasl_mech_security_flags {
+ DSASL_MECH_SEC_ALLOW_NULS = 0x0001,
+};
+
struct dsasl_client {
pool_t pool;
struct dsasl_client_settings set;
struct dsasl_client_mech {
const char *name;
size_t struct_size;
+ enum dsasl_mech_security_flags flags;
int (*input)(struct dsasl_client *client,
const unsigned char *input, size_t input_len,
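Review bot: `DSASL_MECH_SEC_ALLOW_NULS` and the new `flags` member are added without any comment, although they set a default that every mechanism inherits: a mechanism whose definition leaves `flags` at zero will now have any server response containing a NUL byte rejected. I would document that on the enum value, e.g. `/* Server input may legitimately contain NUL bytes (binary tokens); when unset, such input fails authentication */`. Rejecting by default is the safer choice for text mechanisms, where input is later handled as a C string and an embedded NUL would silently truncate it. Mechanisms that exchange binary data must set the flag explicitly, and since no mechanism definitions are visible here, each one should be checked. The `struct dsasl_client_mech` definition continues past the visible lines.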
const unsigned char *input, size_t input_len,
const char **error_r)
{
+ if ((client->mech->flags & DSASL_MECH_SEC_ALLOW_NULS) == 0 &&
+ memchr(input, '\0', input_len) != NULL) {
+ *error_r = "Unexpected NUL in input data";
+ return -1;
+ }
return client->mech->input(client, input, input_len, error_r);
}
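Review bot: The added `memchr(input, '\0', input_len)` also runs when `input_len` is 0, and if any caller passes `input == NULL` for an empty server response, that call is undefined behaviour in C even with a zero length. Whether callers do this is not visible here, but adding `input_len > 0 &&` ahead of the `memchr` term makes the check safe either way and costs nothing. The check itself sits in the right place, in the common wrapper before `client->mech->input` is called, so individual mechanisms cannot forget it. The function's signature begins above the visible lines.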