From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 5 Nov 2020 11:25:19 +0000 (+0200)
Subject: auth: db-oauth2 - Do not allow empty active_value or active_attribute, when other... 
X-Git-Tag: 2.3.13~53
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=98798b85a1820abacd2d20cc22c43eae39149ab3;p=thirdparty%2Fdovecot%2Fcore.git

auth: db-oauth2 - Do not allow empty active_value or active_attribute, when other is set
---

diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index 463e4555c8..f926d272f2 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -258,6 +258,13 @@ struct db_oauth2 *db_oauth2_init(const char *config_path)
 	db->oauth2_set.use_grant_password = db->set.use_grant_password;
 	db->oauth2_set.scope = db->set.scope;
 
+	if (*db->set.active_attribute != '\0' &&
+	    *db->set.active_value == '\0')
+		i_fatal("oauth2: Cannot have empty active_value if active_attribute is set");
+	if (*db->set.active_attribute == '\0' &&
+	    *db->set.active_value != '\0')
+		i_fatal("oauth2: Cannot have empty active_attribute is active_value is set");
+
 	if (*db->set.introspection_mode == '\0' ||
 	    strcmp(db->set.introspection_mode, "auth") == 0) {
 		db->oauth2_set.introspection_mode = INTROSPECTION_MODE_GET_AUTH;