From: Aki Tuomi
Date: Wed, 6 May 2020 10:47:36 +0000 (+0300)
Subject: lib-sasl: dsasl-client - Check for NULs in server response
X-Git-Tag: 2.3.11.2~106
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eaa62bfa50211a772d75f01b053526b4a054ea79;p=thirdparty%2Fdovecot%2Fcore.git
lib-sasl: dsasl-client - Check for NULs in server response
If server response unexpectedly contains embedded NULs, fail authentication.
---
diff --git a/src/lib-sasl/dsasl-client-private.h b/src/lib-sasl/dsasl-client-private.h
index 3b0c202b1c..65b86f70b8 100644
--- a/src/lib-sasl/dsasl-client-private.h
+++ b/src/lib-sasl/dsasl-client-private.h
@@ -3,6 +3,10 @@
 #include "dsasl-client.h"
+enum dsasl_mech_security_flags {
+ DSASL_MECH_SEC_ALLOW_NULS = 0x0001,
+};
+
 struct dsasl_client {
 pool_t pool;
 struct dsasl_client_settings set;
@@ -13,6 +17,7 @@ struct dsasl_client {
 struct dsasl_client_mech {
 const char *name;
 size_t struct_size;
+ enum dsasl_mech_security_flags flags;
 int (*input)(struct dsasl_client *client,
 const unsigned char *input, size_t input_len,
diff --git a/src/lib-sasl/dsasl-client.c b/src/lib-sasl/dsasl-client.c
index ff02710d4d..6d0c130b07 100644
--- a/src/lib-sasl/dsasl-client.c
+++ b/src/lib-sasl/dsasl-client.c
@@ -86,6 +86,11 @@ int dsasl_client_input(struct dsasl_client *client,
 const unsigned char *input, size_t input_len,
 const char **error_r)
 {
+ if ((client->mech->flags & DSASL_MECH_SEC_ALLOW_NULS) == 0 &&
+ memchr(input, '\0', input_len) != NULL) {
+ *error_r = "Unexpected NUL in input data";
+ return -1;
+ }
 return client->mech->input(client, input, input_len, error_r);
 }
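Review bot: `DSASL_MECH_SEC_ALLOW_NULS` in the first hunk of dsasl-client-private.h is added without a comment saying what it permits or when a mechanism should set it. Because it switches off a security check, it should be documented at the definition, for example `/* Server input may legitimately contain NUL bytes; dsasl_client_input() skips its embedded-NUL rejection for this mechanism */`. The `flags` member added to `struct dsasl_client_mech` in the second hunk would benefit from `/* 0 = reject server input containing NULs (default) */`, since a mechanism that omits the field from its initializer gets zero and therefore gets the check. That default-deny behaviour is the useful property here, and it is worth stating so nobody sets the flag out of habit.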
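Review bot: `memchr(input, '\0', input_len)` in dsasl_client_input() still runs when `input_len` is 0, which is undefined behaviour in C if a caller passes a NULL `input` for an empty server response. The callers are not visible in this diff, so whether that can happen needs confirming. Changing the added condition to `input_len > 0 && memchr(input, '\0', input_len) != NULL` makes it safe either way. A short comment above the `if` giving the reason for the rejection would also help; presumably the mechanisms parse the response as text, and an embedded NUL would truncate what they see. The first line of the function signature lies above the hunk.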