From: Stephan Bosch <stephan.bosch@dovecot.fi>
Date: Wed, 31 Jan 2018 21:14:49 +0000 (+0100)
Subject: lib-imap-urlauth: Fix segfault occurring when userid part is missing for "user+"... 
X-Git-Tag: 2.3.1~359
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5b2169951b214e713179a6484a72a41af789d388;p=thirdparty%2Fdovecot%2Fcore.git

lib-imap-urlauth: Fix segfault occurring when userid part is missing for "user+" or "submit+" URLAUTH access.
---

diff --git a/src/lib-imap-urlauth/imap-urlauth.c b/src/lib-imap-urlauth/imap-urlauth.c
index b4f8ca4cba..39b58d3d72 100644
--- a/src/lib-imap-urlauth/imap-urlauth.c
+++ b/src/lib-imap-urlauth/imap-urlauth.c
@@ -165,6 +165,10 @@ imap_urlauth_check_access(struct imap_urlauth_context *uctx,
 		/* these access types are only allowed if URL is accessed through imap */
 		if (strcasecmp(url->uauth_access_application, "user") == 0) {
 			/* user+<access_user> */
+			if (url->uauth_access_user == NULL) {
+				*error_r = "URLAUTH `user' access is missing userid";
+				return FALSE;
+			}
 			if (!uctx->access_anonymous ||
 				  strcasecmp(url->uauth_access_user, uctx->access_user) == 0)
 				return TRUE;
@@ -189,6 +193,9 @@ imap_urlauth_check_access(struct imap_urlauth_context *uctx,
 				"No '%s%s' access allowed for submission service",
 				url->uauth_access_application, userid);
 			return FALSE;
+		} else if (url->uauth_access_user == NULL) {
+			*error_r = "URLAUTH `submit' access is missing userid";
+			return FALSE;
 		} else if (!uctx->access_anonymous &&
 			strcasecmp(url->uauth_access_user, uctx->access_user) == 0) {
 			return TRUE;