]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4bf05ba)
lib-sasl: sasl-server-mech-cram-md5 - Fix out of bounds memory read
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Tue, 28 Apr 2026 07:23:27 +0000 (10:23 +0300)
committertimo.sirainen <timo.sirainen@open-xchange.com>
Thu, 30 Apr 2026 06:39:38 +0000 (06:39 +0000)
This was unlikely to cause any problems.

src/lib-sasl/sasl-server-mech-cram-md5.c patch | blob | blame | history

diff --git a/src/lib-sasl/sasl-server-mech-cram-md5.c b/src/lib-sasl/sasl-server-mech-cram-md5.c
index ef03e215ef92e80490916b3d89527b8c6a89d64b..bda13fd78eee882960fc1937f8e415b1c066b68d 100644 (file)
--- a/src/lib-sasl/sasl-server-mech-cram-md5.c
+++ b/src/lib-sasl/sasl-server-mech-cram-md5.c
@@ -69,7 +69,8 @@ verify_credentials(struct sasl_server_mech_request *auth_request,
 
        response_hex = binary_to_hex(digest, sizeof(digest));
 
-       if (!mem_equals_timing_safe(response_hex, request->response,
+       if (strlen(request->response) != sizeof(digest) * 2 ||
+           !mem_equals_timing_safe(response_hex, request->response,
                                    sizeof(digest) * 2)) {
                sasl_server_request_password_mismatch(auth_request);
                return;
Mirror of https://github.com/dovecot/core.git