From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Tue, 21 Mar 2023 22:44:58 +0000 (+0100)
Subject: auth: auth-request - Move SASL_MECH_SEC_ALLOW_NULS check to sasl-server
X-Git-Tag: 2.4.2~251
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=787eb43b5bca551a613a313ef8074b42574a1d7d;p=thirdparty%2Fdovecot%2Fcore.git

auth: auth-request - Move SASL_MECH_SEC_ALLOW_NULS check to sasl-server
---

diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index 490cb75f1a..abc5f6e152 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -424,30 +424,12 @@ bool auth_request_import_master(struct auth_request *request,
 	return TRUE;
 }
 
-static bool
-auth_request_fail_on_nuls(struct auth_request *request,
-			  const unsigned char *data, size_t data_size)
-{
-	if ((request->mech->flags & SASL_MECH_SEC_ALLOW_NULS) != 0)
-		return FALSE;
-	if (memchr(data, '\0', data_size) != NULL) {
-		e_debug(request->mech_event, "Unexpected NUL in auth data");
-		auth_request_fail(request);
-		return TRUE;
-	}
-	return FALSE;
-}
-
 void auth_request_initial(struct auth_request *request)
 {
 	i_assert(request->state == AUTH_REQUEST_STATE_NEW);
 
 	auth_request_set_state(request, AUTH_REQUEST_STATE_MECH_CONTINUE);
 
-	if (auth_request_fail_on_nuls(request, request->initial_response,
-				      request->initial_response_len))
-		return;
-
 	auth_sasl_request_initial(request);
 }
 
@@ -465,9 +447,6 @@ void auth_request_continue(struct auth_request *request,
 		return;
 	}
 
-	if (auth_request_fail_on_nuls(request, data, data_size))
-		return;
-
 	auth_request_refresh_last_access(request);
 	auth_sasl_request_continue(request, data, data_size);
 }
diff --git a/src/auth/sasl-server-request.c b/src/auth/sasl-server-request.c
index d13c084fca..d800e5669a 100644
--- a/src/auth/sasl-server-request.c
+++ b/src/auth/sasl-server-request.c
@@ -41,11 +41,30 @@ void sasl_server_request_destroy(struct auth_request *request)
 		mreq->mech->auth_free(mreq);
 }
 
+static bool
+sasl_server_request_fail_on_nuls(struct sasl_server_mech_request *mreq,
+				 const unsigned char *data, size_t data_size)
+{
+	const struct sasl_server_mech_def *mech = mreq->mech;
+
+	if ((mech->flags & SASL_MECH_SEC_ALLOW_NULS) != 0)
+		return FALSE;
+	if (memchr(data, '\0', data_size) != NULL) {
+		e_debug(mreq->mech_event, "Unexpected NUL in auth data");
+		sasl_server_request_failure(mreq);
+		return TRUE;
+	}
+	return FALSE;
+}
+
 void sasl_server_request_initial(struct sasl_server_mech_request *mreq,
 				 const unsigned char *data, size_t data_size)
 {
 	const struct sasl_server_mech_def *mech = mreq->mech;
 
+	if (sasl_server_request_fail_on_nuls(mreq, data, data_size))
+		return;
+
 	i_assert(mech->auth_initial != NULL);
 	mech->auth_initial(mreq, data, data_size);
 }
@@ -55,6 +74,9 @@ void sasl_server_request_input(struct sasl_server_mech_request *mreq,
 {
 	const struct sasl_server_mech_def *mech = mreq->mech;
 
+	if (sasl_server_request_fail_on_nuls(mreq, data, data_size))
+		return;
+
 	i_assert(mech->auth_continue != NULL);
 	mech->auth_continue(mreq, data, data_size);
 }