login-imap, imap: Truncate excessively large IMAP ID parameters in log messages

author Karl Fleischmann <karl.fleischmann@open-xchange.com>

Wed, 1 Mar 2023 13:44:09 +0000 (14:44 +0100)

committer aki.tuomi <aki.tuomi@open-xchange.com>

Fri, 31 Mar 2023 05:54:46 +0000 (05:54 +0000)
author Karl Fleischmann <karl.fleischmann@open-xchange.com>
Wed, 1 Mar 2023 13:44:09 +0000 (14:44 +0100)
committer aki.tuomi <aki.tuomi@open-xchange.com>
Fri, 31 Mar 2023 05:54:46 +0000 (05:54 +0000)
diff --git a/src/imap-login/imap-login-cmd-id.c b/src/imap-login/imap-login-cmd-id.c

index 2fabd896cfa0c0449933a624365585052bfbe023..1515df7ec3a7e1fc8f36f68499a71a36f533fac5 100644 (file)
--- a/src/imap-login/imap-login-cmd-id.c
+++ b/src/imap-login/imap-login-cmd-id.c
@@ -2,6 +2,7 @@
  
  #include "login-common.h"
  #include "str.h"
+#include "str-sanitize.h"
  #include "imap-parser.h"
  #include "imap-quote.h"
  #include "imap-login-settings.h"
@@ -206,7 +207,8 @@ static void cmd_id_finish(struct imap_client *client)
                     str_len(client->cmd_id->log_reply) > 0) {
                         e_debug(client->cmd_id->params_event,
                                 "Pre-login ID sent: %s",
-                               str_c(client->cmd_id->log_reply));
+                               str_sanitize(str_c(client->cmd_id->log_reply),
+                                            IMAP_ID_PARAMS_LOG_MAX_LEN));
                 }
         }
  
diff --git a/src/imap/cmd-id.c b/src/imap/cmd-id.c

index 808d17cca5307fc2d4bcc63614724c391f34d1d7..70212d9f46666989838d8d4723b5bcf8540b0e0f 100644 (file)
--- a/src/imap/cmd-id.c
+++ b/src/imap/cmd-id.c
@@ -3,6 +3,7 @@
  #include "imap-common.h"
  #include "imap-id.h"
  #include "str.h"
+#include "str-sanitize.h"
  
  static void
  cmd_id_log_params(const struct imap_arg *args, struct event *event,
@@ -55,7 +56,9 @@ bool cmd_id(struct client_command_context *cmd)
                 string_t *log_reply = str_new(default_pool, 64);
                 cmd_id_log_params(args, event, log_reply);
                 if (str_len(log_reply) > 0)
-                       e_debug(event, "ID sent: %s", str_c(log_reply)));
+                       e_debug(event, "ID sent: %s",
+                               str_sanitize(str_c(log_reply),
+                                            IMAP_ID_PARAMS_LOG_MAX_LEN));
                 event_unref(&event);
                 str_free(&log_reply);
         }
diff --git a/src/lib-imap/imap-id.h b/src/lib-imap/imap-id.h

index 88d15aefe8715307438c0688d12988efa4ec91b0..ddf73d7cbd1c4c066c9c14022c96e7e5ca160fd2 100644 (file)
--- a/src/lib-imap/imap-id.h
+++ b/src/lib-imap/imap-id.h
@@ -15,6 +15,8 @@ struct imap_id_log_entry {
  
  /* RFC 2971 says keys are max. 30 octets */
  #define IMAP_ID_KEY_MAX_LEN 30
+/* Truncate excessively large IMAP ID parameters in log lines. */
+#define IMAP_ID_PARAMS_LOG_MAX_LEN 1024
  
  /* Return ID reply based on given settings. */
  const char *imap_id_reply_generate(const char *settings);
author	Karl Fleischmann <karl.fleischmann@open-xchange.com>
	Wed, 1 Mar 2023 13:44:09 +0000 (14:44 +0100)
committer	aki.tuomi <aki.tuomi@open-xchange.com>
	Fri, 31 Mar 2023 05:54:46 +0000 (05:54 +0000)
src/imap-login/imap-login-cmd-id.c		patch \| blob \| blame \| history
src/imap/cmd-id.c		patch \| blob \| blame \| history
src/lib-imap/imap-id.h		patch \| blob \| blame \| history