dovecot-1.0: Disable processing input while it's not expected, o...

dovecot at dovecot.org dovecot at dovecot.org
Sun Nov 18 20:14:05 EET 2007 

details:   http://hg.dovecot.org/dovecot-1.0/rev/73a3a6b1af36
changeset: 5458:73a3a6b1af36
user:      Timo Sirainen <tss at iki.fi>
date:      Sun Nov 18 20:13:59 2007 +0200
description:
Disable processing input while it's not expected, otherwise we could get
there and crash while master is processing the login. Also allow client to
send the SASL data within the same IP packet as the AUTH/AUTHENTICATE
command without hanging.

diffstat:

4 files changed, 14 insertions(+), 18 deletions(-)
src/imap-login/client-authenticate.c |   14 +++++++-------
src/login-common/client-common.h     |    1 -
src/login-common/sasl-server.c       |    3 ---
src/pop3-login/client-authenticate.c |   14 +++++++-------

diffs (115 lines):

diff -r 96e896e1cf2e -r 73a3a6b1af36 src/imap-login/client-authenticate.c
--- a/src/imap-login/client-authenticate.c	Fri Nov 16 20:08:07 2007 +0200
+++ b/src/imap-login/client-authenticate.c	Sun Nov 18 20:13:59 2007 +0200
@@ -65,12 +65,9 @@ static void client_auth_input(void *cont
 	if (strcmp(line, "*") == 0) {
 		sasl_server_auth_client_error(&client->common,
 					      "Authentication aborted");
-	} else if (client->common.waiting_auth_reply) {
-		sasl_server_auth_client_error(&client->common,
-					      "Don't send unrequested data");
 	} else {
 		auth_client_request_continue(client->common.auth_request, line);
-		client->common.waiting_auth_reply = TRUE;
+		io_remove(&client->io);
 
 		/* clear sensitive data */
 		safe_memset(line, 0, strlen(line));
@@ -236,6 +233,11 @@ static void sasl_callback(struct client 
 		/* don't check return value here. it gets tricky if we try
 		   to call client_destroy() in here. */
 		(void)o_stream_sendv(client->output, iov, 3);
+
+		i_assert(client->io == NULL);
+		client->io = io_add(client->common.fd, IO_READ,
+				    client_auth_input, client);
+		client_auth_input(client);
 		return;
 	}
 
@@ -267,11 +269,9 @@ int cmd_authenticate(struct imap_client 
 	if (!client->common.authenticating)
 		return 1;
 
-	/* following input data will go to authentication */
+	/* don't handle input until we get the initial auth reply */
 	if (client->io != NULL)
 		io_remove(&client->io);
-	client->io = io_add(client->common.fd, IO_READ,
-			    client_auth_input, client);
 	return 0;
 }
 
diff -r 96e896e1cf2e -r 73a3a6b1af36 src/login-common/client-common.h
--- a/src/login-common/client-common.h	Fri Nov 16 20:08:07 2007 +0200
+++ b/src/login-common/client-common.h	Sun Nov 18 20:13:59 2007 +0200
@@ -24,7 +24,6 @@ struct client {
 	unsigned int tls:1;
 	unsigned int secured:1;
 	unsigned int authenticating:1;
-	unsigned int waiting_auth_reply:1;
 	/* ... */
 };
 
diff -r 96e896e1cf2e -r 73a3a6b1af36 src/login-common/sasl-server.c
--- a/src/login-common/sasl-server.c	Fri Nov 16 20:08:07 2007 +0200
+++ b/src/login-common/sasl-server.c	Sun Nov 18 20:13:59 2007 +0200
@@ -59,7 +59,6 @@ static void authenticate_callback(struct
 	}
 
 	i_assert(client->auth_request == request);
-	client->waiting_auth_reply = FALSE;
 
 	switch (status) {
 	case 0:
@@ -175,8 +174,6 @@ static void sasl_server_auth_cancel(stru
 	}
 
 	client->authenticating = FALSE;
-	client->waiting_auth_reply = FALSE;
-
 	if (client->auth_request != NULL) {
 		auth_client_request_abort(client->auth_request);
 		client->auth_request = NULL;
diff -r 96e896e1cf2e -r 73a3a6b1af36 src/pop3-login/client-authenticate.c
--- a/src/pop3-login/client-authenticate.c	Fri Nov 16 20:08:07 2007 +0200
+++ b/src/pop3-login/client-authenticate.c	Sun Nov 18 20:13:59 2007 +0200
@@ -72,12 +72,9 @@ static void client_auth_input(void *cont
 	if (strcmp(line, "*") == 0) {
 		sasl_server_auth_client_error(&client->common,
 					      "Authentication aborted");
-	} else if (client->common.waiting_auth_reply) {
-		sasl_server_auth_client_error(&client->common,
-					      "Don't send unrequested data");
 	} else {
 		auth_client_request_continue(client->common.auth_request, line);
-		client->common.waiting_auth_reply = TRUE;
+		io_remove(&client->io);
 
 		/* clear sensitive data */
 		safe_memset(line, 0, strlen(line));
@@ -208,6 +205,11 @@ static void sasl_callback(struct client 
 		/* don't check return value here. it gets tricky if we try
 		   to call client_destroy() in here. */
 		(void)o_stream_sendv(client->output, iov, 3);
+
+		i_assert(client->io == NULL);
+		client->io = io_add(client->common.fd, IO_READ,
+				    client_auth_input, client);
+		client_auth_input(client);
 		return;
 	}
 
@@ -251,11 +253,9 @@ bool cmd_auth(struct pop3_client *client
 	if (!client->common.authenticating)
 		return TRUE;
 
-	/* following input data will go to authentication */
+	/* don't handle input until we get the initial auth reply */
 	if (client->io != NULL)
 		io_remove(&client->io);
-	client->io = io_add(client->common.fd, IO_READ,
-			    client_auth_input, client);
 	return TRUE;
 }

More information about the dovecot-cvs mailing list