From: Timo Sirainen <tss@iki.fi>
Date: Fri, 9 Jul 2004 10:57:32 +0000 (+0300)
Subject: We could read authid past the buffer if \0password wasn't given in input.
X-Git-Tag: 1.1.alpha1~3805
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b9be868ee2fa57f75c16563380c844dbe12ab0b;p=thirdparty%2Fdovecot%2Fcore.git

We could read authid past the buffer if \0password wasn't given in input.

--HG--
branch : HEAD
---

diff --git a/src/auth/mech-plain.c b/src/auth/mech-plain.c
index d530bee74e..f639e6bfa2 100644
--- a/src/auth/mech-plain.c
+++ b/src/auth/mech-plain.c
@@ -42,10 +42,10 @@ mech_plain_auth_continue(struct auth_request *auth_request,
 		}
 	}
 
-	if (authenid == NULL) {
+	if (count != 2) {
 		/* invalid input */
 		if (verbose) {
-			i_info("plain(%s): no username given",
+			i_info("plain(%s): invalid input",
 			       get_log_prefix(auth_request));
 		}
 		mech_auth_finish(auth_request, NULL, 0, FALSE);