From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Thu, 6 Oct 2016 12:13:30 +0000 (+0300)
Subject: director: Escape username when handling USER-KICK.
X-Git-Tag: 2.2.26~157
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=51701893c21b4f13e150f3ac1a60da16d7b21e83;p=thirdparty%2Fdovecot%2Fcore.git

director: Escape username when handling USER-KICK.

This could have caused problems if username parameter contained TABs or LFs,
which of course shouldn't normally happen.
---

diff --git a/src/director/director.c b/src/director/director.c
index f7f6c63704..5796d3945c 100644
--- a/src/director/director.c
+++ b/src/director/director.c
@@ -889,20 +889,22 @@ director_kick_user_callback(enum ipc_client_cmd_state state ATTR_UNUSED,
 void director_kick_user(struct director *dir, struct director_host *src,
 			struct director_host *orig_src, const char *username)
 {
-	const char *cmd;
+	string_t *cmd = t_str_new(64);
 
-	cmd = t_strdup_printf("proxy\t*\tKICK\t%s", username);
-	ipc_client_cmd(dir->ipc_proxy, cmd,
+	str_append(cmd, "proxy\t*\tKICK\t");
+	str_append_tabescaped(cmd, username);
+	ipc_client_cmd(dir->ipc_proxy, str_c(cmd),
 		       director_kick_user_callback, (void *)NULL);
 
 	if (orig_src == NULL) {
 		orig_src = dir->self_host;
 		orig_src->last_seq++;
 	}
-	cmd = t_strdup_printf("USER-KICK\t%s\t%u\t%u\t%s\n",
-		net_ip2addr(&orig_src->ip), orig_src->port, orig_src->last_seq,
-		username);
-	director_update_send_version(dir, src, DIRECTOR_VERSION_USER_KICK, cmd);
+	str_printfa(cmd, "USER-KICK\t%s\t%u\t%u\t",
+		net_ip2addr(&orig_src->ip), orig_src->port, orig_src->last_seq);
+	str_append_tabescaped(cmd, username);
+	str_append_c(cmd, '\n');
+	director_update_send_version(dir, src, DIRECTOR_VERSION_USER_KICK, str_c(cmd));
 }
 
 void director_kick_user_hash(struct director *dir, struct director_host *src,