[dovecot-cvs] dovecot/src/auth mech-plain.c,1.9,1.10
cras at procontrol.fi
cras at procontrol.fi
Wed Feb 26 23:27:20 EET 2003
Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv10225/src/auth
Modified Files:
mech-plain.c
Log Message:
Invalid PLAIN auth request crashed auth process.
Index: mech-plain.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/mech-plain.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- mech-plain.c 18 Feb 2003 19:11:26 -0000 1.9
+++ mech-plain.c 26 Feb 2003 21:27:17 -0000 1.10
@@ -42,12 +42,17 @@
}
}
- /* split and save user/realm */
- auth_request->user = p_strdup(auth_request->pool, authenid);
- passdb->verify_plain(auth_request, pass, verify_callback);
+ if (authenid == NULL) {
+ /* invalid input */
+ mech_auth_finish(auth_request, NULL, 0, FALSE);
+ } else {
+ /* split and save user/realm */
+ auth_request->user = p_strdup(auth_request->pool, authenid);
+ passdb->verify_plain(auth_request, pass, verify_callback);
- /* make sure it's cleared */
- safe_memset(pass, 0, strlen(pass));
+ /* make sure it's cleared */
+ safe_memset(pass, 0, strlen(pass));
+ }
return TRUE;
}
More information about the dovecot-cvs
mailing list