From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Mon, 3 Nov 2025 17:12:17 +0000 (+0100)
Subject: lib-sasl: fuzz-sasl-authentication - Limit the length of the passwords
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e7933aa71affbcfbf685d5305de36d52e3554a4;p=thirdparty%2Fdovecot%2Fcore.git

lib-sasl: fuzz-sasl-authentication - Limit the length of the passwords

For hashed algorithms, the password length could rise limitless, causing
fuzzer timeouts.

OSS-Fuzz report: 457240545
---

diff --git a/src/lib-sasl/fuzz-sasl-authentication.c b/src/lib-sasl/fuzz-sasl-authentication.c
index 604e35e84e..8c377c1242 100644
--- a/src/lib-sasl/fuzz-sasl-authentication.c
+++ b/src/lib-sasl/fuzz-sasl-authentication.c
@@ -20,6 +20,8 @@
 #include <unistd.h>
 #include <fcntl.h>
 
+#define FUZZ_SASL_MAX_PASSWORD_SIZE SASL_MAX_MESSAGE_SIZE
+
 enum fuzz_sasl_modification {
 	FUZZ_SASL_MOD_DELETE = 0,
 	FUZZ_SASL_MOD_REPLACE,
@@ -595,11 +597,15 @@ static void fuzz_sasl_run(struct istream *input)
 	line = i_stream_read_next_line(input);
 	if (line == NULL)
 		return;
+	if (strlen(line) > FUZZ_SASL_MAX_PASSWORD_SIZE)
+		return;
 	params.server_password = t_strdup(line);
 
 	line = i_stream_read_next_line(input);
 	if (line == NULL)
 		return;
+	if (strlen(line) > FUZZ_SASL_MAX_PASSWORD_SIZE)
+		return;
 	if (*line == '\0')
 		params.client_password = params.server_password;
 	else