]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
*-login: And actually make the previous changes work.
authorTimo Sirainen <tss@iki.fi>
Thu, 30 Oct 2014 02:36:50 +0000 (04:36 +0200)
committerTimo Sirainen <tss@iki.fi>
Thu, 30 Oct 2014 02:36:50 +0000 (04:36 +0200)
src/imap-login/client.c
src/login-common/client-common.h
src/pop3-login/client.c

index 26f2111ebdfe2ced0893cec30b9c74eeecdbc1e1..b8db333b76e4955a78e121dc14dbb3b761af571e 100644 (file)
@@ -155,12 +155,12 @@ client_update_info(struct imap_client *client,
                client->common.local_port = atoi(value);
        else if (strcasecmp(key, "x-proxy-ttl") == 0)
                client->common.proxy_ttl = atoi(value);
-       else if (strcasecmp(key, "x-session-id") == 0) {
-               client->common.session_id =
-                       p_strdup(client->common.pool, value);
-       } else if (strcasecmp(key, "x-session-ext-id") == 0) {
-               client->common.session_id =
-                       p_strdup(client->common.pool, value);
+       else if (strcasecmp(key, "x-session-id") == 0 ||
+                strcasecmp(key, "x-session-ext-id") == 0) {
+               if (strlen(value) <= LOGIN_MAX_SESSION_ID_LEN) {
+                       client->common.session_id =
+                               p_strdup(client->common.pool, value);
+               }
        }
 }
 
index 38572b26275bd569c7800c91c719b2eabfb18a7e..3f44db91669573851b8f0c15730adebeedae9af6 100644 (file)
@@ -6,6 +6,7 @@
 #include "sasl-server.h"
 #include "master-login.h" /* for LOGIN_MAX_SESSION_ID_LEN */
 
+#define LOGIN_MAX_SESSION_ID_LEN 64
 #define LOGIN_MAX_MASTER_PREFIX_LEN 128
 
 /* max. size of input buffer. this means:
index 59644d8b7796a287c755eca139507aca90e5178f..a8f064504714d01b2e5d055bf7fcbf1c93603e17 100644 (file)
@@ -57,8 +57,12 @@ static bool cmd_xclient(struct pop3_client *client, const char *args)
                        else
                                client->common.remote_port = remote_port;
                } else if (strncasecmp(*tmp, "SESSION=", 8) == 0) {
-                       client->common.session_id =
-                               p_strdup(client->common.pool, *tmp + 8);
+                       const char *value = *tmp + 8;
+
+                       if (strlen(value) <= LOGIN_MAX_SESSION_ID_LEN) {
+                               client->common.session_id =
+                                       p_strdup(client->common.pool, value);
+                       }
                } else if (strncasecmp(*tmp, "TTL=", 4) == 0) {
                        if (str_to_uint(*tmp + 4, &client->common.proxy_ttl) < 0)
                                args_ok = FALSE;