login-common: Fail proxying if local_name is invalid

This is safeguard against sending malformed data that could
lead to unexpected override of fields in remote end.

diff --git a/src/login-common/login-proxy.c b/src/login-common/login-proxy.c
index 1f0b8f7b4c379b977a24fcf38cf77594fc652a87..13aa8464d4c9b882fc302b9581a9e4623439b9b6 100644 (file)
--- a/src/login-common/login-proxy.c
+++ b/src/login-common/login-proxy.c
@@ -1,6 +1,7 @@
 /* Copyright (c) 2004-2018 Dovecot authors, see the included COPYING file */
 
 #include "login-common.h"
+#include "connection.h"
 #include "ioloop.h"
 #include "istream.h"
 #include "ostream.h"
@@ -383,6 +384,14 @@ static int login_proxy_connect(struct login_proxy *proxy)
        proxy->num_waiting_connections_updated = FALSE;
        rec->num_waiting_connections++;
 
+       if (proxy->client->local_name != NULL &&
+           !connection_is_valid_dns_name(proxy->client->local_name)) {
+               login_proxy_failed(proxy, proxy->event,
+                                  LOGIN_PROXY_FAILURE_TYPE_INTERNAL,
+                                  "[BUG] Invalid local_name!");
+               return -1;
+       }
+
        if (proxy->client->proxy_ttl <= 1) {
                login_proxy_failed(proxy, proxy->event,
                        LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG,