auth: Fix assert-crash if auth client sends 0 as ID

author Timo Sirainen <timo.sirainen@dovecot.fi>

Sun, 20 May 2018 18:32:12 +0000 (21:32 +0300)

committer Timo Sirainen <timo.sirainen@dovecot.fi>

Mon, 21 May 2018 09:07:32 +0000 (09:07 +0000)
author Timo Sirainen <timo.sirainen@dovecot.fi>
Sun, 20 May 2018 18:32:12 +0000 (21:32 +0300)
committer Timo Sirainen <timo.sirainen@dovecot.fi>
Mon, 21 May 2018 09:07:32 +0000 (09:07 +0000)
diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c

index 8b2f35f983749d9665469551e7a96bd0791201a9..9875ba69e085e6cff18fdc98bd29f90314aa944d 100644 (file)
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -490,7 +490,7 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
         /* <id> <mechanism> [...] */
         list = t_strsplit_tabescaped(args);
         if (list[0] == NULL || list[1] == NULL ||
-           str_to_uint(list[0], &id) < 0) {
+           str_to_uint(list[0], &id) < 0 || id == 0) {
                 i_error("BUG: Authentication client %u "
                         "sent broken AUTH request", handler->client_pid);
                 return FALSE;
author	Timo Sirainen <timo.sirainen@dovecot.fi>
	Sun, 20 May 2018 18:32:12 +0000 (21:32 +0300)
committer	Timo Sirainen <timo.sirainen@dovecot.fi>
	Mon, 21 May 2018 09:07:32 +0000 (09:07 +0000)