client->common.local_port = atoi(value);
else if (strcasecmp(key, "x-proxy-ttl") == 0)
client->common.proxy_ttl = atoi(value);
- else if (strcasecmp(key, "x-session-id") == 0) {
- client->common.session_id =
- p_strdup(client->common.pool, value);
- } else if (strcasecmp(key, "x-session-ext-id") == 0) {
- client->common.session_id =
- p_strdup(client->common.pool, value);
+ else if (strcasecmp(key, "x-session-id") == 0 ||
+ strcasecmp(key, "x-session-ext-id") == 0) {
+ if (strlen(value) <= LOGIN_MAX_SESSION_ID_LEN) {
+ client->common.session_id =
+ p_strdup(client->common.pool, value);
+ }
}
}
#include "sasl-server.h"
#include "master-login.h" /* for LOGIN_MAX_SESSION_ID_LEN */
+#define LOGIN_MAX_SESSION_ID_LEN 64
#define LOGIN_MAX_MASTER_PREFIX_LEN 128
/* max. size of input buffer. this means:
else
client->common.remote_port = remote_port;
} else if (strncasecmp(*tmp, "SESSION=", 8) == 0) {
- client->common.session_id =
- p_strdup(client->common.pool, *tmp + 8);
+ const char *value = *tmp + 8;
+
+ if (strlen(value) <= LOGIN_MAX_SESSION_ID_LEN) {
+ client->common.session_id =
+ p_strdup(client->common.pool, value);
+ }
} else if (strncasecmp(*tmp, "TTL=", 4) == 0) {
if (str_to_uint(*tmp + 4, &client->common.proxy_ttl) < 0)
args_ok = FALSE;