dovecot-2.2: *-login: And actually make the previous changes work.

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.2/rev/0a5bd3b09ca5
changeset: 18045:0a5bd3b09ca5
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Oct 30 04:36:50 2014 +0200
description:
*-login: And actually make the previous changes work.

diffstat:

 src/imap-login/client.c          |  12 ++++++------
 src/login-common/client-common.h |   1 +
 src/pop3-login/client.c          |   8 ++++++--
 3 files changed, 13 insertions(+), 8 deletions(-)

diffs (51 lines):

diff -r 865456b37bc2 -r 0a5bd3b09ca5 src/imap-login/client.c
--- a/src/imap-login/client.c	Wed Oct 29 18:33:46 2014 -0700
+++ b/src/imap-login/client.c	Thu Oct 30 04:36:50 2014 +0200
@@ -155,12 +155,12 @@
 		client->common.local_port = atoi(value);
 	else if (strcasecmp(key, "x-proxy-ttl") == 0)
 		client->common.proxy_ttl = atoi(value);
-	else if (strcasecmp(key, "x-session-id") == 0) {
-		client->common.session_id =
-			p_strdup(client->common.pool, value);
-	} else if (strcasecmp(key, "x-session-ext-id") == 0) {
-		client->common.session_id =
-			p_strdup(client->common.pool, value);
+	else if (strcasecmp(key, "x-session-id") == 0 ||
+		 strcasecmp(key, "x-session-ext-id") == 0) {
+		if (strlen(value) <= LOGIN_MAX_SESSION_ID_LEN) {
+			client->common.session_id =
+				p_strdup(client->common.pool, value);
+		}
 	}
 }
 
diff -r 865456b37bc2 -r 0a5bd3b09ca5 src/login-common/client-common.h
--- a/src/login-common/client-common.h	Wed Oct 29 18:33:46 2014 -0700
+++ b/src/login-common/client-common.h	Thu Oct 30 04:36:50 2014 +0200
@@ -6,6 +6,7 @@
 #include "sasl-server.h"
 #include "master-login.h" /* for LOGIN_MAX_SESSION_ID_LEN */
 
+#define LOGIN_MAX_SESSION_ID_LEN 64
 #define LOGIN_MAX_MASTER_PREFIX_LEN 128
 
 /* max. size of input buffer. this means:
diff -r 865456b37bc2 -r 0a5bd3b09ca5 src/pop3-login/client.c
--- a/src/pop3-login/client.c	Wed Oct 29 18:33:46 2014 -0700
+++ b/src/pop3-login/client.c	Thu Oct 30 04:36:50 2014 +0200
@@ -57,8 +57,12 @@
 			else
 				client->common.remote_port = remote_port;
 		} else if (strncasecmp(*tmp, "SESSION=", 8) == 0) {
-			client->common.session_id =
-				p_strdup(client->common.pool, *tmp + 8);
+			const char *value = *tmp + 8;
+
+			if (strlen(value) <= LOGIN_MAX_SESSION_ID_LEN) {
+				client->common.session_id =
+					p_strdup(client->common.pool, value);
+			}
 		} else if (strncasecmp(*tmp, "TTL=", 4) == 0) {
 			if (str_to_uint(*tmp + 4, &client->common.proxy_ttl) < 0)
 				args_ok = FALSE;