[dovecot-cvs] dovecot/src/lib-auth auth-server-request.c, 1.25,
1.25.2.1
cras at dovecot.org
cras at dovecot.org
Sat Jun 17 17:45:55 EEST 2006
Update of /var/lib/cvs/dovecot/src/lib-auth
In directory talvi:/tmp/cvs-serv13945
Modified Files:
Tag: branch_1_0
auth-server-request.c
Log Message:
Check that the initial response doesn't contain invalid characters. Give a better
error message if it does.
Index: auth-server-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-auth/auth-server-request.c,v
retrieving revision 1.25
retrieving revision 1.25.2.1
diff -u -d -r1.25 -r1.25.2.1
--- auth-server-request.c 14 Jan 2006 18:47:23 -0000 1.25
+++ auth-server-request.c 17 Jun 2006 14:45:53 -0000 1.25.2.1
@@ -31,8 +31,9 @@
unsigned int retrying:1;
};
-static bool auth_server_send_new_request(struct auth_server_connection *conn,
- struct auth_request *request);
+static int auth_server_send_new_request(struct auth_server_connection *conn,
+ struct auth_request *request,
+ const char **error_r);
static void auth_client_request_free(struct auth_request *request);
static struct auth_server_connection *
@@ -50,6 +51,8 @@
static void
auth_server_request_check_retry(struct auth_request *request, const char *data)
{
+ const char *error;
+
if (strcmp(request->mech, "PLAIN") == 0 && data != NULL &&
request->plaintext_data == NULL && request->conn != NULL) {
request->next_conn = get_next_plain_server(request->conn);
@@ -60,9 +63,9 @@
hash_insert(request->next_conn->requests,
POINTER_CAST(request->id), request);
- auth_server_send_new_request(request->next_conn,
- request);
- request->retrying = TRUE;
+ if (auth_server_send_new_request(request->next_conn,
+ request, &error) == 0)
+ request->retrying = TRUE;
}
}
}
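Review bot: When `auth_server_send_new_request()` returns non-zero here, the only visible effect is that `retrying` stays unset. The `hash_insert()` into `request->next_conn->requests` just above the call is not undone, and `error` is dropped. The later hunk that casts the result to `(void)` has the same shape (insert, set `request->next_conn`, ignore the result, `return TRUE`), and the last hunk returns NULL after `hash_insert(conn->requests, ...)` with no removal in view. Unless cleanup happens outside these hunks, the table keeps an entry for a request that was never sent; consider removing the entry and clearing `next_conn` on failure. All three function bodies extend beyond their hunks, so confirm against the full file.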
@@ -80,8 +83,9 @@
return TRUE;
}
-static bool auth_server_send_new_request(struct auth_server_connection *conn,
- struct auth_request *request)
+static int auth_server_send_new_request(struct auth_server_connection *conn,
+ struct auth_request *request,
+ const char **error_r)
{
string_t *str;
ssize_t ret;
@@ -99,7 +103,8 @@
if (request->cert_username != NULL) {
if (!is_valid_string(request->cert_username)) {
t_pop();
- return FALSE;
+ *error_r = "Invalid username in SSL certificate";
+ return -1;
}
str_printfa(str, "\tcert_username=%s", request->cert_username);
}
@@ -107,8 +112,14 @@
str_printfa(str, "\tlip=%s", net_ip2addr(&request->local_ip));
if (request->remote_ip.family != 0)
str_printfa(str, "\trip=%s", net_ip2addr(&request->remote_ip));
- if (request->initial_resp_base64 != NULL)
+ if (request->initial_resp_base64 != NULL) {
+ if (!is_valid_string(request->initial_resp_base64)) {
+ t_pop();
+ *error_r = "Invalid base64 data in initial response";
+ return -1;
+ }
str_printfa(str, "\tresp=%s", request->initial_resp_base64);
+ }
str_append_c(str, '\n');
ret = o_stream_send(conn->output, str_data(str), str_len(str));
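Review bot: The new `is_valid_string()` check on `initial_resp_base64` should carry a comment saying what it protects. The request is built as one tab-separated, newline-terminated line (`"\tresp=%s"` followed by `'\n'`), so a TAB or LF in the client-supplied response would change how the auth server parses it. A comment such as `/* resp comes from the client; reject field/line delimiters before appending */` above the check would do. The message says "Invalid base64 data", but the helper is the same one applied to `cert_username` and its body is outside this hunk, so it presumably checks delimiter characters rather than the base64 alphabet. Either reword the message or validate the alphabet as well.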
@@ -118,11 +129,11 @@
errno = conn->output->stream_errno;
i_warning("Error sending request to auth server: %m");
auth_server_connection_destroy(&conn, TRUE);
- return FALSE;
+ return -1;
}
auth_server_request_check_retry(request, request->initial_resp_base64);
- return TRUE;
+ return 0;
}
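Review bot: The `return -1` after the failed send leaves `*error_r` unassigned, whereas both validation failures added by this commit set it first. The caller in the last hunk forwards its own `error_r` and returns NULL on `< 0`, so its caller could read a pointer that was never written. Assigning it before the return, e.g. `*error_r = "Error sending request to auth server";`, makes every `-1` path uniform. The condition that opens this branch lies outside the hunk, so confirm nothing earlier sets it.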
static void auth_server_send_continue(struct auth_server_connection *conn,
@@ -222,7 +233,7 @@
{
struct auth_request *request;
struct auth_server_connection *next;
- const char *const *list;
+ const char *const *list, *error;
unsigned int id;
list = t_strsplit(args, "\t");
@@ -259,7 +270,8 @@
request);
request->next_conn = next;
- auth_server_send_new_request(next, request);
+ (void)auth_server_send_new_request(next, request,
+ &error);
return TRUE;
}
}
@@ -349,7 +361,7 @@
hash_insert(conn->requests, POINTER_CAST(request->id), request);
- if (!auth_server_send_new_request(conn, request))
+ if (auth_server_send_new_request(conn, request, error_r) < 0)
request = NULL;
return request;
}