On 28.02.2017 17:59, Nagy, Attila wrote:
On 09/23/2016 08:05 AM, Aki Tuomi wrote:
On 29.07.2016 15:35, Nagy, Attila wrote:
I use pass and userdb with dict protocol in a similar way:
key passdb { key = passdb^MAuth-User: %u^MAuth-Pass: %w^MAuth-Protocol: %s^MClient-IP: %r format = json }
(^M is an \r character, inserted with vi CTRL-v + enter)
Until 2.2.24 this has worked, but 2.2.25 seems to convert that ASCII 13 into an ASCII 1 and an "r".
Python printout from what I get with 2.2.25:
'Lshared/passdb\x01rAuth-User: user\x01rAuth-Pass: pass\x01rAuth-Protocol: pop3\x01rClient-IP: 1.2.3.4'
Is this change intentional? Why? Hi!
Dict protocol escapes you newlines. You are expected to de-escape them yourself.
Following escapes are done, you can de-escape them with your client.
\x00 => \x10 \x01 => \x11 \t => \x1t \r => \x1r \n => \x1n
Following up on this: dovecot 2.2.27 and 2.2.28 goes even further (2.2.25 was OK). If a user specifies a password with a % in it, dovecot silently truncates it. So for example if I specify (just to check this simple example is also bad): key passdb { key = %w format = json }
and a user tries to log in with the password 'Lofasznehogyma%', dovecot sends the following into the dict socket: 'Lshared/Lofasznehogyma'
According to user reports, other characters may also be affected.
Could you please fix this?
Hi!
Can you try this?
https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42...
Aki