From: Markus Valentin
Date: Wed, 25 Mar 2020 12:48:13 +0000 (+0100)
Subject: auth: Fail authentication if username/password contains NULs
X-Git-Tag: 2.3.11.2~179
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=66743c55f46f1f2ff1e7eeee1207dc1bba957353;p=thirdparty%2Fdovecot%2Fcore.git

auth: Fail authentication if username/password contains NULs

In mech-plain and mech-dovecot-token the number of NULs splitting the fields could have been higher then expected. This change ensures that if there are more then the expected amount of NULs the authentication will fail.
---

diff --git a/src/auth/mech-dovecot-token.c b/src/auth/mech-dovecot-token.c
index 55ca3e19ac..9b70a4e918 100644
--- a/src/auth/mech-dovecot-token.c
+++ b/src/auth/mech-dovecot-token.c
@@ -30,12 +30,13 @@ mech_dovecot_token_auth_continue(struct auth_request *request,
 username = (const char *)data + i;
 else if (count == 3)
 session_id = (const char *)data + i;
- else {
+ else if (count == 4) {
 len = data_size - i;
 auth_token = p_strndup(unsafe_data_stack_pool,
 data+i, len);
- break;
 }
+ else
+ break;
 }
 }
diff --git a/src/auth/mech-plain.c b/src/auth/mech-plain.c
index 344cbe1bf8..1e21e7e326 100644
--- a/src/auth/mech-plain.c
+++ b/src/auth/mech-plain.c
@@ -24,13 +24,14 @@ mech_plain_auth_continue(struct auth_request *request,
 if (data[i] == '\0') {
 if (++count == 1)
 authenid = (const char *) data + i+1;
- else {
+ else if (count == 2) {
 i++;
 len = data_size - i;
 pass = p_strndup(unsafe_data_stack_pool,
 data+i, len);
- break;
 }
+ else
+ break;
 }
 }
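Review bot: The new `else break;` branch in mech-dovecot-token.c does not fail the request itself; it only stops the scan once `count` has moved past 4, so rejection depends on a check after the loop that this hunk does not show. By then `auth_token` already holds a copy that ends at the extra NUL, because `p_strndup` stops copying there. If the later test were a lower bound rather than an exact `count != 4`, that truncated token would be accepted. Please confirm the comparison is exact and document the dependency on the branch, e.g. `/* extra NUL: count exceeds 4, the count check after the loop must reject */`. The same applies to the `count == 2` branch in mech-plain.c; both function bodies start and end outside their hunks.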
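Review bot: In mech-plain.c, `pass` is now allocated from `unsafe_data_stack_pool` at the second NUL and the loop keeps scanning, so a request later rejected for an extra NUL still leaves a partial password copy in the pool. Whatever wipes `pass` sits outside this hunk, so it is worth confirming that it runs unconditionally and not only on the success path. A comment on the `count == 2` branch would make that explicit, e.g. `/* pass is set even if a later NUL rejects the request; it must still be wiped below */`. A regression test feeding authzid NUL authenid NUL password NUL would pin both the rejection and the cleanup.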