[dovecot-cvs] dovecot/src/lib-auth auth-server-request.c, 1.25, 1.25.2.1

cras at dovecot.org cras at dovecot.org
Sat Jun 17 17:45:55 EEST 2006


Update of /var/lib/cvs/dovecot/src/lib-auth
In directory talvi:/tmp/cvs-serv13945

Modified Files:
      Tag: branch_1_0
	auth-server-request.c 
Log Message:
Check that initial response doesn't contain invalid characters. Give better
error message in case that happens.



Index: auth-server-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-auth/auth-server-request.c,v
retrieving revision 1.25
retrieving revision 1.25.2.1
diff -u -d -r1.25 -r1.25.2.1
--- auth-server-request.c	14 Jan 2006 18:47:23 -0000	1.25
+++ auth-server-request.c	17 Jun 2006 14:45:53 -0000	1.25.2.1
@@ -31,8 +31,9 @@
 	unsigned int retrying:1;
 };
 
-static bool auth_server_send_new_request(struct auth_server_connection *conn,
-					 struct auth_request *request);
+static int auth_server_send_new_request(struct auth_server_connection *conn,
+					struct auth_request *request,
+					const char **error_r);
 static void auth_client_request_free(struct auth_request *request);
 
 static struct auth_server_connection *
@@ -50,6 +51,8 @@
 static void
 auth_server_request_check_retry(struct auth_request *request, const char *data)
 {
+	const char *error;
+
 	if (strcmp(request->mech, "PLAIN") == 0 && data != NULL &&
 	    request->plaintext_data == NULL && request->conn != NULL) {
 		request->next_conn = get_next_plain_server(request->conn);
@@ -60,9 +63,9 @@
 
 			hash_insert(request->next_conn->requests,
 				    POINTER_CAST(request->id), request);
-			auth_server_send_new_request(request->next_conn,
-						     request);
-			request->retrying = TRUE;
+			if (auth_server_send_new_request(request->next_conn,
+							 request, &error) == 0)
+				request->retrying = TRUE;
 		}
 	}
 }
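Review bot: When the resend fails in this branch, `request` stays in `request->next_conn->requests` (inserted just above) and `request->next_conn` stays set, even though the send-failure path of auth_server_send_new_request() has already called `auth_server_connection_destroy(&conn, TRUE)` on that same connection. Whether destroy cleans up both is not visible in this diff, so the failure branch should either undo them or carry a comment such as `/* on failure next_conn was destroyed by the callee, which drops its requests */` once that is confirmed. The `error` text is never read here, and the hunk at -259 discards the whole result with `(void)`, so a rejected request on these retry paths is silent. The function body starts outside this hunk.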
@@ -80,8 +83,9 @@
 	return TRUE;
 }
 
-static bool auth_server_send_new_request(struct auth_server_connection *conn,
-					 struct auth_request *request)
+static int auth_server_send_new_request(struct auth_server_connection *conn,
+					struct auth_request *request,
+					const char **error_r)
 {
 	string_t *str;
 	ssize_t ret;
@@ -99,7 +103,8 @@
 	if (request->cert_username != NULL) {
 		if (!is_valid_string(request->cert_username)) {
 			t_pop();
-			return FALSE;
+			*error_r = "Invalid username in SSL certificate";
+			return -1;
 		}
 		str_printfa(str, "\tcert_username=%s", request->cert_username);
 	}
@@ -107,8 +112,14 @@
 		str_printfa(str, "\tlip=%s", net_ip2addr(&request->local_ip));
 	if (request->remote_ip.family != 0)
 		str_printfa(str, "\trip=%s", net_ip2addr(&request->remote_ip));
-	if (request->initial_resp_base64 != NULL)
+	if (request->initial_resp_base64 != NULL) {
+		if (!is_valid_string(request->initial_resp_base64)) {
+			t_pop();
+			*error_r = "Invalid base64 data in initial response";
+			return -1;
+		}
 		str_printfa(str, "\tresp=%s", request->initial_resp_base64);
+	}
 	str_append_c(str, '\n');
 
 	ret = o_stream_send(conn->output, str_data(str), str_len(str));
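Review bot: The new error text says "Invalid base64 data", but the check is `is_valid_string()`, the same helper used for `cert_username`, so it is presumably a delimiter check rather than a base64 check (its body is not in this diff). The value is supplied by the client and appended to a tab-separated, newline-terminated line for the auth server, which is the reason the check matters and deserves a comment: `/* resp is client-controlled; it must not contain the TAB/LF separators of the auth protocol line */`. If only the base64 alphabet is ever legal here, checking for that alphabet would be the tighter rule and would match the message. The function starts and ends outside this hunk.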
@@ -118,11 +129,11 @@
 		errno = conn->output->stream_errno;
 		i_warning("Error sending request to auth server: %m");
 		auth_server_connection_destroy(&conn, TRUE);
-		return FALSE;
+		return -1;
 	}
 
 	auth_server_request_check_retry(request, request->initial_resp_base64);
-	return TRUE;
+	return 0;
 }
 
 static void auth_server_send_continue(struct auth_server_connection *conn,
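Review bot: The send-failure path returns -1 without assigning `*error_r`, unlike the two validation failures added in this commit. The caller in the last hunk forwards its own `error_r` and returns NULL on `< 0`, so unless every caller pre-initialises the pointer it can end up reading an unset `const char *`. Setting it before the return closes that: `*error_r = "Error sending request to auth server";` followed by `return -1;`. The function starts outside this hunk.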
@@ -222,7 +233,7 @@
 {
 	struct auth_request *request;
         struct auth_server_connection *next;
-	const char *const *list;
+	const char *const *list, *error;
 	unsigned int id;
 
 	list = t_strsplit(args, "\t");
@@ -259,7 +270,8 @@
 				    request);
 			request->next_conn = next;
 
-			auth_server_send_new_request(next, request);
+			(void)auth_server_send_new_request(next, request,
+							   &error);
 			return TRUE;
 		}
 	}
@@ -349,7 +361,7 @@
 
 	hash_insert(conn->requests, POINTER_CAST(request->id), request);
 
-	if (!auth_server_send_new_request(conn, request))
+	if (auth_server_send_new_request(conn, request, error_r) < 0)
 		request = NULL;
 	return request;
 }


