dovecot-2.2: auth: Invalid userdb passwd-file and userdb templat...

dovecot at dovecot.org dovecot at dovecot.org
Thu Jun 12 23:20:41 UTC 2014


details:   http://hg.dovecot.org/dovecot-2.2/rev/9b1734587b28
changeset: 17463:9b1734587b28
user:      Timo Sirainen <tss at iki.fi>
date:      Fri Jun 13 00:30:27 2014 +0300
description:
auth: Invalid userdb passwd-file and userdb templates may have caused crashes.
Using just "key" parameter instead of "key=value" usually worked, but for
some keys the code assumed that there was a value and it dereferenced NULL.
We'll solve this by just using value="" instead of value=NULL.
Found by Coverity

diffstat:

 src/auth/auth-request.c       |  2 ++
 src/auth/userdb-passwd-file.c |  2 ++
 src/auth/userdb-template.c    |  2 +-
 3 files changed, 5 insertions(+), 1 deletions(-)

diffs (36 lines):

diff -r a07ddd1b2763 -r 9b1734587b28 src/auth/auth-request.c
--- a/src/auth/auth-request.c	Fri Jun 13 00:15:47 2014 +0300
+++ b/src/auth/auth-request.c	Fri Jun 13 00:30:27 2014 +0300
@@ -1567,6 +1567,8 @@
 	uid_t uid;
 	gid_t gid;
 
+	i_assert(value != NULL);
+
 	if (strcmp(name, "uid") == 0) {
 		uid = userdb_parse_uid(request, value);
 		if (uid == (uid_t)-1) {
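
Review bot: the `i_assert(value != NULL);` added at the top of this function still brings the auth process down when a caller passes NULL, so it replaces the NULL dereference with a deliberate panic rather than removing the crash path. The two callers changed in this patch now pass "", but call sites outside this diff are not shown. Either confirm that every caller guarantees a non-NULL value, or normalize here with `if (value == NULL) value = "";`. A one-line comment stating that a bare key is represented as an empty string would also document the contract.
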
diff -r a07ddd1b2763 -r 9b1734587b28 src/auth/userdb-passwd-file.c
--- a/src/auth/userdb-passwd-file.c	Fri Jun 13 00:15:47 2014 +0300
+++ b/src/auth/userdb-passwd-file.c	Fri Jun 13 00:30:27 2014 +0300
@@ -76,6 +76,8 @@
 				str_truncate(str, 0);
 				var_expand(str, value + 1, table);
 				value = str_c(str);
+			} else {
+				value = "";
 			}
 			auth_request_set_userdb_field(auth_request, key, value);
 		}
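
Review bot: the new `else { value = ""; }` branch has no comment, and the condition of the matching `if` lies above the visible context, so a reader of this hunk cannot tell that the branch is meant only for entries written as `key` with no `=value`. Add a short comment saying so. It should also note that `key` and `key=` are now indistinguishable to `auth_request_set_userdb_field()`, since that is the behaviour the commit message chooses.
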
diff -r a07ddd1b2763 -r 9b1734587b28 src/auth/userdb-template.c
--- a/src/auth/userdb-template.c	Fri Jun 13 00:15:47 2014 +0300
+++ b/src/auth/userdb-template.c	Fri Jun 13 00:30:27 2014 +0300
@@ -74,7 +74,7 @@
 	i_assert((count % 2) == 0);
 	for (i = 0; i < count; i += 2) {
 		if (args[i+1] == NULL)
-			value = NULL;
+			value = "";
 		else {
 			str_truncate(str, 0);
 			var_expand(str, args[i+1], table);
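
Review bot: changing `value = NULL;` to `value = "";` in the `args[i+1] == NULL` branch changes what every consumer of a value-less template entry receives, and the code that uses `value` after this branch is outside the hunk. Check that no consumer relied on NULL to mean "key present without a value" as distinct from an empty value. A regression test with a template entry that has a key and no value would help too, since this is now the second caller carrying the same normalization and nothing in the patch exercises either one.
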

