[dovecot-cvs] dovecot/src/auth auth-request-handler.c,1.15,1.16

tss at dovecot.org tss at dovecot.org
Sun Oct 15 16:52:31 UTC 2006


Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv22135/src/auth

Modified Files:
	auth-request-handler.c 
Log Message:
Require that the "resp" parameter for AUTH command is the last.



Index: auth-request-handler.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request-handler.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- auth-request-handler.c	3 Aug 2006 15:37:55 -0000	1.15
+++ auth-request-handler.c	15 Oct 2006 15:52:29 -0000	1.16
@@ -288,17 +288,27 @@
 
 		if (auth_request_import(request, name, arg))
 			;
-		else if (strcmp(name, "resp") == 0)
-			initial_resp = arg;
 		else if (strcmp(name, "valid-client-cert") == 0)
 			valid_client_cert = TRUE;
+		else if (strcmp(name, "resp") == 0) {
+			initial_resp = arg;
+			/* this must be the last parameter */
+			list++;
+			break;
+		}
+	}
+
+	if (*list != NULL) {
+		i_error("BUG: Authentication client %u "
+			"sent AUTH parameters after 'resp'",
+			handler->client_pid);
+		return FALSE;
 	}
 
 	if (request->service == NULL) {
 		i_error("BUG: Authentication client %u "
 			"didn't specify service in request",
 			handler->client_pid);
-		auth_request_unref(&request);
 		return FALSE;
 	}
 
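Review bot: Both `return FALSE` paths after the parameter loop, the new `*list != NULL` check and the `request->service == NULL` check, now leave without releasing `request`, and the hunk drops `auth_request_unref(&request)` without the log message mentioning it. The function starts and ends outside the hunk, so it is not visible whether something else already holds the reference to the request at this point. If it does, dropping the unref is right, but a comment above the first `return FALSE` should say so, e.g. `/* request is not unreferenced here: <owner of the reference, to be confirmed> releases it */`. If nothing else holds it, each AUTH line rejected by these checks would leave a request allocated, and both branches need the unref.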


