From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Sat, 25 Apr 2020 09:30:50 +0000 (+0300)
Subject: auth: policy - Fix crash with auth_policy_check_after_auth=no and delay_until
X-Git-Tag: 2.3.11.2~138
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9257a02efd2b32d983dad135b3eb7ed967c1e81;p=thirdparty%2Fdovecot%2Fcore.git

auth: policy - Fix crash with auth_policy_check_after_auth=no and delay_until

The auth policy lookup context must not be allocated from stack, because it
is used in a timeout created by delay_until.

Fixes:
Panic: file auth-request.c: line 292 (auth_request_success_continue): assertion failed: (request->state == AUTH_REQUEST_STATE_MECH_CONTINUE)
---

diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index c723c29e34..8420c84329 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -190,14 +190,12 @@ void auth_request_success(struct auth_request *request,
 	i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE);
 
 	if (!request->set->policy_check_after_auth) {
-		buffer_t buf;
-		buffer_create_from_const_data(&buf, "", 0);
-		struct auth_policy_check_ctx ctx = {
-			.success_data = &buf,
-			.request = request,
-			.type = AUTH_POLICY_CHECK_TYPE_SUCCESS,
-		};
-		auth_request_policy_check_callback(0, &ctx);
+		struct auth_policy_check_ctx *ctx =
+			p_new(request->pool, struct auth_policy_check_ctx, 1);
+		ctx->success_data = buffer_create_dynamic(request->pool, 1);
+		ctx->request = request;
+		ctx->type = AUTH_POLICY_CHECK_TYPE_SUCCESS;
+		auth_request_policy_check_callback(0, ctx);
 		return;
 	}