[dovecot-cvs] dovecot/src/auth auth-request-handler.c, 1.12.2.10, 1.12.2.11 mech-rpa.c, 1.24.2.2, 1.24.2.3 passdb-checkpassword.c, 1.18.2.9, 1.18.2.10

tss at dovecot.org tss at dovecot.org
Fri Jan 26 13:58:32 UTC 2007


Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv15336/auth

Modified Files:
      Tag: branch_1_0
	auth-request-handler.c mech-rpa.c passdb-checkpassword.c 
Log Message:
Cleanups and minor fixes



Index: auth-request-handler.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request-handler.c,v
retrieving revision 1.12.2.10
retrieving revision 1.12.2.11
diff -u -d -r1.12.2.10 -r1.12.2.11
--- auth-request-handler.c	26 Jan 2007 00:31:29 -0000	1.12.2.10
+++ auth-request-handler.c	26 Jan 2007 13:58:30 -0000	1.12.2.11
@@ -357,10 +357,11 @@
 	unsigned int id;
 
 	data = strchr(args, '\t');
-	if (data++ == NULL) {
+	if (data == NULL) {
 		i_error("BUG: Authentication client sent broken CONT request");
 		return FALSE;
 	}
+	data++;
 
 	id = (unsigned int)strtoul(args, NULL, 10);
 

Index: mech-rpa.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-rpa.c,v
retrieving revision 1.24.2.2
retrieving revision 1.24.2.3
diff -u -d -r1.24.2.2 -r1.24.2.3
--- mech-rpa.c	17 Jun 2006 19:15:18 -0000	1.24.2.2
+++ mech-rpa.c	26 Jan 2007 13:58:30 -0000	1.24.2.3
@@ -442,8 +442,12 @@
 	unsigned char response[16];
 	buffer_t *hash_buffer;
 
+	if (strlen(credentials) != 32)
+		return FALSE;
+
 	hash_buffer = buffer_create_data(request->pool, request->pwd_md5, 16);
-	hex_to_binary(credentials, hash_buffer);
+	if (hex_to_binary(credentials, hash_buffer) < 0)
+		return FALSE;
 
 	rpa_user_response(request, response);
 	return memcmp(response, request->user_response, 16) == 0;

Index: passdb-checkpassword.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-checkpassword.c,v
retrieving revision 1.18.2.9
retrieving revision 1.18.2.10
diff -u -d -r1.18.2.9 -r1.18.2.10
--- passdb-checkpassword.c	18 Nov 2006 22:17:25 -0000	1.18.2.9
+++ passdb-checkpassword.c	26 Jan 2007 13:58:30 -0000	1.18.2.10
@@ -67,18 +67,18 @@
 
 	hash_remove(module->clients, POINTER_CAST(request->pid));
 
-	if (request->input_buf != NULL &&
-	    strchr(str_c(request->input_buf), '\n') != NULL) {
-		auth_request_log_error(request->request, "checkpassword",
-				       "LF characters in checkpassword reply");
-		result = PASSDB_RESULT_INTERNAL_FAILURE;
-	}
-
 	if (result == PASSDB_RESULT_OK) {
-		request->request->extra_fields =
-			auth_stream_reply_init(request->request);
-		auth_stream_reply_import(request->request->extra_fields,
-					 str_c(request->input_buf));
+		if (strchr(str_c(request->input_buf), '\n') != NULL) {
+			auth_request_log_error(request->request,
+				"checkpassword",
+				"LF characters in checkpassword reply");
+			result = PASSDB_RESULT_INTERNAL_FAILURE;
+		} else {
+			request->request->extra_fields =
+				auth_stream_reply_init(request->request);
+			auth_stream_reply_import(request->request->extra_fields,
+						 str_c(request->input_buf));
+		}
 	}
 
 	request->callback(result, request->request);



More information about the dovecot-cvs mailing list