imap-acl: Fail if ACL identifier is invalid

Reject invalid identifiers early in imap_acl_identifier_parse() using
acl_id_is_valid(). This prevents CR/LF injection and rejects identifiers
that are too long, contain control characters or are not valid UTF-8.

diff --git a/src/plugins/imap-acl/imap-acl-plugin.c b/src/plugins/imap-acl/imap-acl-plugin.c
index d24def88ec4cfc821b3e7234079d9dd526de43c0..832ae9e1d8a8b54f0788954afa162a5b4aee2fc1 100644 (file)
--- a/src/plugins/imap-acl/imap-acl-plugin.c
+++ b/src/plugins/imap-acl/imap-acl-plugin.c
@@ -881,6 +881,11 @@ imap_acl_identifier_parse(struct client_command_context *cmd,
        allow_anyone = set->allow_anyone;
        settings_free(set);
 
+       if (!acl_id_is_valid(id)) {
+               *client_error_r = "Invalid identifier";
+               return -1;
+       }
+
        if (str_begins_with(id, IMAP_ACL_GLOBAL_PREFIX)) {
                *client_error_r = t_strdup_printf(
                        "Global ACLs can't be modified: %s", id);