[dovecot-cvs] dovecot/src/auth auth-request-handler.c,1.15,1.16
tss at dovecot.org
tss at dovecot.org
Sun Oct 15 16:52:31 UTC 2006
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv22135/src/auth
Modified Files:
auth-request-handler.c
Log Message:
Require that the "resp" parameter for AUTH command is the last.
Index: auth-request-handler.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request-handler.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- auth-request-handler.c 3 Aug 2006 15:37:55 -0000 1.15
+++ auth-request-handler.c 15 Oct 2006 15:52:29 -0000 1.16
@@ -288,17 +288,27 @@
if (auth_request_import(request, name, arg))
;
- else if (strcmp(name, "resp") == 0)
- initial_resp = arg;
else if (strcmp(name, "valid-client-cert") == 0)
valid_client_cert = TRUE;
+ else if (strcmp(name, "resp") == 0) {
+ initial_resp = arg;
+ /* this must be the last parameter */
+ list++;
+ break;
+ }
+ }
+
+ if (*list != NULL) {
+ i_error("BUG: Authentication client %u "
+ "sent AUTH parameters after 'resp'",
+ handler->client_pid);
+ return FALSE;
}
if (request->service == NULL) {
i_error("BUG: Authentication client %u "
"didn't specify service in request",
handler->client_pid);
- auth_request_unref(&request);
return FALSE;
}
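Review bot: Both early `return FALSE` exits in this hunk, the new parameters-after-'resp' check and the existing missing-service check, now leave without any visible release of `request`, and the log message does not say why `auth_request_unref(&request)` was dropped. If the request was already registered with the handler before the parameter loop (not visible here, since the function starts and ends outside the hunk), dropping the unref avoids a dangling entry, but the rejected, half-initialised request then stays reachable until something else removes it. If it was not registered, both paths leak it. Either state the ownership at each return, for example `/* request is still owned by the handler; released when the client is dropped */`, or release it explicitly on both paths. An authentication process should not accumulate rejected requests from a misbehaving client.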