From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Sun, 20 May 2018 18:32:12 +0000 (+0300)
Subject: auth: Fix assert-crash if auth client sends 0 as ID
X-Git-Tag: 2.3.9~1828
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb08f805f07d29249412901c9d6587fe31abdebb;p=thirdparty%2Fdovecot%2Fcore.git

auth: Fix assert-crash if auth client sends 0 as ID

This could be triggered by anyone having (local) write access to the auth
socket.
---

diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index 8b2f35f983..9875ba69e0 100644
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -490,7 +490,7 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
 	/* <id> <mechanism> [...] */
 	list = t_strsplit_tabescaped(args);
 	if (list[0] == NULL || list[1] == NULL ||
-	    str_to_uint(list[0], &id) < 0) {
+	    str_to_uint(list[0], &id) < 0 || id == 0) {
 		i_error("BUG: Authentication client %u "
 			"sent broken AUTH request", handler->client_pid);
 		return FALSE;