From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Tue, 9 May 2023 08:20:59 +0000 (+0300)
Subject: auth: db-lua - Check for nil in auth_request_lua_password_verify()
X-Git-Tag: 2.4.0~2757
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd1ddd00a3c98fea5740dbeb03efdd9304102023;p=thirdparty%2Fdovecot%2Fcore.git

auth: db-lua - Check for nil in auth_request_lua_password_verify()

Avoids crash if script calls the function with nil values.
---

diff --git a/src/auth/db-lua.c b/src/auth/db-lua.c
index e086307c2e..c0b22d7372 100644
--- a/src/auth/db-lua.c
+++ b/src/auth/db-lua.c
@@ -193,6 +193,10 @@ static int auth_request_lua_password_verify(lua_State *L)
 	const unsigned char *raw_password = NULL;
 	size_t raw_password_size;
 	int ret;
+	if (crypted_password == NULL)
+		return luaL_error(L, "Crypted password must not be nil");
+	if (plain_password == NULL)
+		return luaL_error(L, "Plain password must not be nil");
 	struct password_generate_params gen_params = {
 		.user = request->fields.original_username,
 		.rounds = 0