[dovecot-cvs] dovecot/src/auth auth-request-handler.c, 1.24, 1.25 mech-rpa.c, 1.27, 1.28 passdb-checkpassword.c, 1.30, 1.31

tss at dovecot.org tss at dovecot.org
Fri Jan 26 13:58:51 UTC 2007


Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv15340/auth

Modified Files:
	auth-request-handler.c mech-rpa.c passdb-checkpassword.c 
Log Message:
Cleanups and minor fixes



Index: auth-request-handler.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request-handler.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -d -r1.24 -r1.25
--- auth-request-handler.c	26 Jan 2007 00:31:36 -0000	1.24
+++ auth-request-handler.c	26 Jan 2007 13:58:48 -0000	1.25
@@ -358,10 +358,11 @@
 	unsigned int id;
 
 	data = strchr(args, '\t');
-	if (data++ == NULL) {
+	if (data == NULL) {
 		i_error("BUG: Authentication client sent broken CONT request");
 		return FALSE;
 	}
+	data++;
 
 	id = (unsigned int)strtoul(args, NULL, 10);
 

Index: mech-rpa.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-rpa.c,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -d -r1.27 -r1.28
--- mech-rpa.c	8 Nov 2006 20:22:08 -0000	1.27
+++ mech-rpa.c	26 Jan 2007 13:58:48 -0000	1.28
@@ -442,8 +442,12 @@
 	unsigned char response[16];
 	buffer_t *hash_buffer;
 
+	if (strlen(credentials) != 32)
+		return FALSE;
+
 	hash_buffer = buffer_create_data(request->pool, request->pwd_md5, 16);
-	hex_to_binary(credentials, hash_buffer);
+	if (hex_to_binary(credentials, hash_buffer) < 0)
+		return FALSE;
 
 	rpa_user_response(request, response);
 	return memcmp(response, request->user_response, 16) == 0;

Index: passdb-checkpassword.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-checkpassword.c,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -d -r1.30 -r1.31
--- passdb-checkpassword.c	15 Dec 2006 18:38:08 -0000	1.30
+++ passdb-checkpassword.c	26 Jan 2007 13:58:49 -0000	1.31
@@ -67,18 +67,18 @@
 
 	hash_remove(module->clients, POINTER_CAST(request->pid));
 
-	if (request->input_buf != NULL &&
-	    strchr(str_c(request->input_buf), '\n') != NULL) {
-		auth_request_log_error(request->request, "checkpassword",
-				       "LF characters in checkpassword reply");
-		result = PASSDB_RESULT_INTERNAL_FAILURE;
-	}
-
 	if (result == PASSDB_RESULT_OK) {
-		request->request->extra_fields =
-			auth_stream_reply_init(request->request);
-		auth_stream_reply_import(request->request->extra_fields,
-					 str_c(request->input_buf));
+		if (strchr(str_c(request->input_buf), '\n') != NULL) {
+			auth_request_log_error(request->request,
+				"checkpassword",
+				"LF characters in checkpassword reply");
+			result = PASSDB_RESULT_INTERNAL_FAILURE;
+		} else {
+			request->request->extra_fields =
+				auth_stream_reply_init(request->request);
+			auth_stream_reply_import(request->request->extra_fields,
+						 str_c(request->input_buf));
+		}
 	}
 
 	request->callback(result, request->request);



More information about the dovecot-cvs mailing list