From: Aki Tuomi <aki.tuomi@dovecot.fi>
Date: Fri, 3 Jun 2016 14:30:58 +0000 (+0300)
Subject: doveadm-server: Do not crash if empty data in authorization
X-Git-Tag: 2.3.0.rc1~3389
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3a429da1eca6b6513df1769dfb112d0febe2a33b;p=thirdparty%2Fdovecot%2Fcore.git

doveadm-server: Do not crash if empty data in authorization
---

diff --git a/src/doveadm/client-connection-http.c b/src/doveadm/client-connection-http.c
index b2af80f4e8..cf273963a6 100644
--- a/src/doveadm/client-connection-http.c
+++ b/src/doveadm/client-connection-http.c
@@ -653,13 +653,13 @@ doveadm_http_server_authorize_request(struct client_connection_http *conn)
 			string_t *b64_value = str_new(conn->client.pool, 32);
 			char *value = p_strdup_printf(conn->client.pool, "doveadm:%s", conn->client.set->doveadm_password);
 			base64_encode(value, strlen(value), b64_value);
-			if (strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE;
+			if (creds.data != NULL && strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE;
 			else i_error("Invalid authentication attempt to HTTP API");
 		}
 		else if (strcasecmp(creds.scheme, "X-Dovecot-API") == 0 && doveadm_settings->doveadm_api_key[0] != '\0') {
 			string_t *b64_value = str_new(conn->client.pool, 32);
 			base64_encode(doveadm_settings->doveadm_api_key, strlen(doveadm_settings->doveadm_api_key), b64_value);
-			if (strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE;
+			if (creds.data != NULL && strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE;
 			else i_error("Invalid authentication attempt to HTTP API");
 		}
 		else i_error("Unsupported authentication scheme to HTTP API");