dovecot: Disable processing input while it's not expected, other...
dovecot at dovecot.org
dovecot at dovecot.org
Sun Nov 18 20:14:09 EET 2007
details: http://hg.dovecot.org/dovecot/rev/ff62b2323a97
changeset: 6834:ff62b2323a97
user: Timo Sirainen <tss at iki.fi>
date: Sun Nov 18 20:14:00 2007 +0200
description:
Disable processing input while it's not expected, otherwise we could get
there and crash while master is processing the login. Also allow client to
send the SASL data within the same IP packet as the AUTH/AUTHENTICATE
command without hanging.
diffstat:
3 files changed, 14 insertions(+), 15 deletions(-)
src/imap-login/client-authenticate.c | 14 +++++++-------
src/login-common/client-common.h | 1 -
src/pop3-login/client-authenticate.c | 14 +++++++-------
diffs (95 lines):
diff -r 337e6a9a2959 -r ff62b2323a97 src/imap-login/client-authenticate.c
--- a/src/imap-login/client-authenticate.c Sun Nov 18 11:18:45 2007 +0200
+++ b/src/imap-login/client-authenticate.c Sun Nov 18 20:14:00 2007 +0200
@@ -66,12 +66,9 @@ static void client_auth_input(struct ima
if (strcmp(line, "*") == 0) {
sasl_server_auth_client_error(&client->common,
"Authentication aborted");
- } else if (client->common.waiting_auth_reply) {
- sasl_server_auth_client_error(&client->common,
- "Don't send unrequested data");
} else {
auth_client_request_continue(client->common.auth_request, line);
- client->common.waiting_auth_reply = TRUE;
+ io_remove(&client->io);
/* clear sensitive data */
safe_memset(line, 0, strlen(line));
@@ -243,6 +240,11 @@ static void sasl_callback(struct client
/* don't check return value here. it gets tricky if we try
to call client_destroy() in here. */
(void)o_stream_sendv(client->output, iov, 3);
+
+ i_assert(client->io == NULL);
+ client->io = io_add(client->common.fd, IO_READ,
+ client_auth_input, client);
+ client_auth_input(client);
return;
}
@@ -274,11 +276,9 @@ int cmd_authenticate(struct imap_client
if (!client->common.authenticating)
return 1;
- /* following input data will go to authentication */
+ /* don't handle input until we get the initial auth reply */
if (client->io != NULL)
io_remove(&client->io);
- client->io = io_add(client->common.fd, IO_READ,
- client_auth_input, client);
return 0;
}
diff -r 337e6a9a2959 -r ff62b2323a97 src/login-common/client-common.h
--- a/src/login-common/client-common.h Sun Nov 18 11:18:45 2007 +0200
+++ b/src/login-common/client-common.h Sun Nov 18 20:14:00 2007 +0200
@@ -24,7 +24,6 @@ struct client {
unsigned int tls:1;
unsigned int secured:1;
unsigned int authenticating:1;
- unsigned int waiting_auth_reply:1;
/* ... */
};
diff -r 337e6a9a2959 -r ff62b2323a97 src/pop3-login/client-authenticate.c
--- a/src/pop3-login/client-authenticate.c Sun Nov 18 11:18:45 2007 +0200
+++ b/src/pop3-login/client-authenticate.c Sun Nov 18 20:14:00 2007 +0200
@@ -73,12 +73,9 @@ static void client_auth_input(struct pop
if (strcmp(line, "*") == 0) {
sasl_server_auth_client_error(&client->common,
"Authentication aborted");
- } else if (client->common.waiting_auth_reply) {
- sasl_server_auth_client_error(&client->common,
- "Don't send unrequested data");
} else {
auth_client_request_continue(client->common.auth_request, line);
- client->common.waiting_auth_reply = TRUE;
+ io_remove(&client->io);
/* clear sensitive data */
safe_memset(line, 0, strlen(line));
@@ -215,6 +212,11 @@ static void sasl_callback(struct client
/* don't check return value here. it gets tricky if we try
to call client_destroy() in here. */
(void)o_stream_sendv(client->output, iov, 3);
+
+ i_assert(client->io == NULL);
+ client->io = io_add(client->common.fd, IO_READ,
+ client_auth_input, client);
+ client_auth_input(client);
return;
}
@@ -258,11 +260,9 @@ bool cmd_auth(struct pop3_client *client
if (!client->common.authenticating)
return TRUE;
- /* following input data will go to authentication */
+ /* don't handle input until we get the initial auth reply */
if (client->io != NULL)
io_remove(&client->io);
- client->io = io_add(client->common.fd, IO_READ,
- client_auth_input, client);
return TRUE;
}
More information about the dovecot-cvs
mailing list