[dovecot-cvs] dovecot/src/auth mech-apop.c,1.23,1.24
tss at dovecot.org
tss at dovecot.org
Fri Jan 26 13:40:53 UTC 2007
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv14689
Modified Files:
mech-apop.c
Log Message:
Verify the APOP input before passing it to sscanf() to make sure it's
NUL-terminated.
Index: mech-apop.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-apop.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- mech-apop.c 8 Nov 2006 20:22:08 -0000 1.23
+++ mech-apop.c 26 Jan 2007 13:40:51 -0000 1.24
@@ -88,9 +88,25 @@
tmp = data;
end = data + data_size;
+ /* skip the challenge */
while (tmp != end && *tmp != '\0')
tmp++;
+ if (tmp != end) {
+ /* get the username */
+ username = ++tmp;
+ while (tmp != end && *tmp != '\0')
+ tmp++;
+ }
+
+ if (tmp + 1 + 16 != end) {
+ /* Should never happen */
+ auth_request_log_info(auth_request, "apop", "malformed data");
+ auth_request_fail(auth_request);
+ return;
+ }
+ tmp++;
+
/* the challenge must begin with trusted unique ID. we trust only
ourself, so make sure it matches our connection specific UID
which we told to client in handshake. Also require a timestamp
@@ -108,20 +124,6 @@
}
request->challenge = p_strdup(request->pool, (const char *)data);
- if (tmp != end) {
- username = ++tmp;
- while (tmp != end && *tmp != '\0')
- tmp++;
- }
-
- if (tmp + 1 + 16 != end) {
- /* Should never happen */
- auth_request_log_info(auth_request, "apop", "malformed data");
- auth_request_fail(auth_request);
- return;
- }
- tmp++;
-
if (!auth_request_set_username(auth_request, (const char *)username,
&error)) {
auth_request_log_info(auth_request, "apop", "%s", error);
More information about the dovecot-cvs
mailing list