login-common: sasl authenticate_callback() - Fix null pointer dereferencing
authorMarco Bettini <marco.bettini@open-xchange.com>
Mon, 12 Jun 2023 10:01:36 +0000 (10:01 +0000)
committertimo.sirainen <timo.sirainen@open-xchange.com>
Thu, 15 Jun 2023 17:26:29 +0000 (17:26 +0000)
Broken by e9c008893f963248d522173180734f0e8a4cced8
Found by coverity

The check for "resp" in AUTH_REQUEST_STATUS_OK has been removed for now,
since we have no SASL mechanisms requiring it. Besides, it was only partially
implemented and didn't actually work.

src/login-common/client-common.h
src/login-common/sasl-server.c

index 480d2043056c12b00d922a3470625c06ea805eb5..e910c8a4c16da5e0bab18fe068c2c9d1fa218d2e 100644 (file)
@@ -205,7 +205,6 @@ struct client {
        struct auth_client_request *reauth_request;
        string_t *auth_response;
        struct timeval auth_first_started, auth_finished;
-       const char *sasl_final_delayed_resp;
        enum sasl_server_reply delayed_final_reply;
        const char *const *final_args;
        const char *const *auth_passdb_args;
index 21efdff1981842766e73be679a369c599edad72c..6920b603f27bcd7cd73f7cbd3249a359f6017f3d 100644 (file)
@@ -371,9 +371,6 @@ authenticate_callback(struct auth_client_request *request,
                                client->auth_anonymous = TRUE;
                        } else if (str_begins(args[i], "event_", &key)) {
                                event_add_str(client->event_auth, key, value);
-                       } else if (strcmp(key, "resp") == 0) {
-                               client->sasl_final_delayed_resp =
-                                       p_strdup(client->pool, value);
                        }
                }
 
@@ -394,6 +391,7 @@ authenticate_callback(struct auth_client_request *request,
        case AUTH_REQUEST_STATUS_ABORT:
                client->auth_request = NULL;
 
+               const char *sasl_final_delayed_resp = NULL;
                if (args != NULL) {
                        /* parse our username if it's there */
                        for (i = 0; args[i] != NULL; i++) {
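Review bot: The added `const char *sasl_final_delayed_resp = NULL;` sits in the middle of an unbraced `case` body, so its scope is the whole switch block rather than this case alone. Any case label that follows in the switch (not visible in this hunk) would have the name in scope with its initializer skipped, which makes a later read of an indeterminate pointer easy to introduce. Either wrap this case's body in `{ ... }`, or declare the variable with the function's other locals and keep only `sasl_final_delayed_resp = NULL;` here. The `for` loop opened on the last line of this hunk continues in the next one.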
@@ -402,19 +400,19 @@ authenticate_callback(struct auth_client_request *request,
                                if (args_parse_user(client, key, value))
                                        continue;
                                if (strcmp(key, "resp") == 0) {
-                                       client->sasl_final_delayed_resp =
+                                       sasl_final_delayed_resp =
                                                p_strdup(client->preproxy_pool, value);
                                }
                        }
                }
 
-               if (client->sasl_final_delayed_resp != NULL &&
+               if (sasl_final_delayed_resp != NULL &&
                    !login_binary->sasl_support_final_reply) {
                        client->final_response = TRUE;
                        client->final_args = p_strarray_dup(client->preproxy_pool, args);
                        client->delayed_final_reply = SASL_SERVER_REPLY_AUTH_FAILED;
                        client->sasl_callback(client, SASL_SERVER_REPLY_CONTINUE,
-                                             client->sasl_final_delayed_resp, NULL);
+                                             sasl_final_delayed_resp, NULL);
                } else {
                        client->authenticating = FALSE;
                        call_client_callback(client, SASL_SERVER_REPLY_AUTH_FAILED,
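Review bot: The branch guarded by `sasl_final_delayed_resp != NULL && !login_binary->sasl_support_final_reply` has no comment saying that the authentication failure is being deferred rather than reported. It passes the auth server's "resp" value to `sasl_callback` as `SASL_SERVER_REPLY_CONTINUE` and stores `SASL_SERVER_REPLY_AUTH_FAILED` in `delayed_final_reply`. I would add above the `if`: `/* login binary can't send final SASL data together with the failure: send it as a continuation and report the failure afterwards */`. The same comment could state that `client->authenticating` is cleared only on the `else` path, which looks intentional but should be confirmed. authenticate_callback() begins before and continues past this hunk.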