From: Timo Sirainen Date: Thu, 30 Oct 2014 02:36:50 +0000 (+0200) Subject: *-login: And actually make the previous changes work. X-Git-Tag: 2.2.16.rc1~261 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82fb1ead38f4e1197993adb2f9c12e26531e9c92;p=thirdparty%2Fdovecot%2Fcore.git *-login: And actually make the previous changes work. --- diff --git a/src/imap-login/client.c b/src/imap-login/client.c index 26f2111ebd..b8db333b76 100644 --- a/src/imap-login/client.c +++ b/src/imap-login/client.c @@ -155,12 +155,12 @@ client_update_info(struct imap_client *client, client->common.local_port = atoi(value); else if (strcasecmp(key, "x-proxy-ttl") == 0) client->common.proxy_ttl = atoi(value); - else if (strcasecmp(key, "x-session-id") == 0) { - client->common.session_id = - p_strdup(client->common.pool, value); - } else if (strcasecmp(key, "x-session-ext-id") == 0) { - client->common.session_id = - p_strdup(client->common.pool, value); + else if (strcasecmp(key, "x-session-id") == 0 || + strcasecmp(key, "x-session-ext-id") == 0) { + if (strlen(value) <= LOGIN_MAX_SESSION_ID_LEN) { + client->common.session_id = + p_strdup(client->common.pool, value); + } } } diff --git a/src/login-common/client-common.h b/src/login-common/client-common.h index 38572b2627..3f44db9166 100644 --- a/src/login-common/client-common.h +++ b/src/login-common/client-common.h @@ -6,6 +6,7 @@ #include "sasl-server.h" #include "master-login.h" /* for LOGIN_MAX_SESSION_ID_LEN */ +#define LOGIN_MAX_SESSION_ID_LEN 64 #define LOGIN_MAX_MASTER_PREFIX_LEN 128 /* max. size of input buffer. this means: diff --git a/src/pop3-login/client.c b/src/pop3-login/client.c index 59644d8b77..a8f0645047 100644 --- a/src/pop3-login/client.c +++ b/src/pop3-login/client.c @@ -57,8 +57,12 @@ static bool cmd_xclient(struct pop3_client *client, const char *args) else client->common.remote_port = remote_port; } else if (strncasecmp(*tmp, "SESSION=", 8) == 0) { - client->common.session_id = - p_strdup(client->common.pool, *tmp + 8); + const char *value = *tmp + 8; + + if (strlen(value) <= LOGIN_MAX_SESSION_ID_LEN) { + client->common.session_id = + p_strdup(client->common.pool, value); + } } else if (strncasecmp(*tmp, "TTL=", 4) == 0) { if (str_to_uint(*tmp + 4, &client->common.proxy_ttl) < 0) args_ok = FALSE;