From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Thu, 7 Oct 2021 00:55:59 +0000 (+0300)
Subject: auth: db-passwd-file - Fix using paths with %% escaped characters but no %variables
X-Git-Tag: 2.3.18~226
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e7754572e67c5b6cdbb1eab8aca23107dfb918ff;p=thirdparty%2Fdovecot%2Fcore.git

auth: db-passwd-file - Fix using paths with %% escaped characters but no %variables

full_key might not have been NULL, causing var_expand() to read past the
array and possibly crash.
---

diff --git a/src/auth/db-passwd-file.c b/src/auth/db-passwd-file.c
index 6a5113cd44..e26c1466d6 100644
--- a/src/auth/db-passwd-file.c
+++ b/src/auth/db-passwd-file.c
@@ -350,11 +350,12 @@ db_passwd_file_init(const char *path, bool userdb, bool debug)
 
 	if (percents && !db->vars) {
 		/* just extra escaped % chars. remove them. */
-		struct var_expand_table empty_table[1];
+		struct var_expand_table empty_table[1] = {
+			{ .key = '\0' },
+		};
 		string_t *dest;
 		const char *error;
 
-		empty_table[0].key = '\0';
 		dest = t_str_new(256);
 		if (var_expand(dest, path, empty_table, &error) <= 0)
 			i_unreached();