[dovecot-cvs] dovecot/src/auth auth-request.c, 1.45,
1.46 auth-stream.c, 1.1, 1.2 passdb-ldap.c, 1.42,
1.43 passdb-sql.c, 1.26, 1.27 userdb-ldap.c, 1.39,
1.40 userdb-sql.c, 1.13, 1.14 userdb-static.c, 1.17, 1.18
cras at dovecot.org
cras at dovecot.org
Tue Feb 14 19:43:08 EET 2006
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv28016/auth
Modified Files:
auth-request.c auth-stream.c passdb-ldap.c passdb-sql.c
userdb-ldap.c userdb-sql.c userdb-static.c
Log Message:
Check that we don't pass around key=value pairs with empty keys.
Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -d -r1.45 -r1.46
--- auth-request.c 22 Jan 2006 11:33:27 -0000 1.45
+++ auth-request.c 14 Feb 2006 17:43:04 -0000 1.46
@@ -515,6 +515,7 @@
const char *name, const char *value,
const char *default_scheme)
{
+ i_assert(*name != '\0');
i_assert(value != NULL);
if (strcmp(name, "password") == 0) {
Index: auth-stream.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-stream.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- auth-stream.c 8 Aug 2005 09:20:16 -0000 1.1
+++ auth-stream.c 14 Feb 2006 17:43:04 -0000 1.2
@@ -25,6 +25,7 @@
if (str_len(reply->str) > 0)
str_append_c(reply->str, '\t');
if (key != NULL) {
+ i_assert(*key != '\0');
i_assert(strchr(key, '\t') == NULL &&
strchr(key, '\n') == NULL);
Index: passdb-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-ldap.c,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -d -r1.42 -r1.43
--- passdb-ldap.c 22 Jan 2006 11:33:27 -0000 1.42
+++ passdb-ldap.c 14 Feb 2006 17:43:04 -0000 1.43
@@ -59,7 +59,7 @@
name != NULL ? name : "?unknown?");
}
- if (name != NULL && vals != NULL) {
+ if (name != NULL && vals != NULL && *name != '\0') {
for (i = 0; vals[i] != NULL; i++) {
if (debug != NULL) {
if (i != 0)
Index: passdb-sql.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-sql.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -d -r1.26 -r1.27
--- passdb-sql.c 22 Jan 2006 11:33:27 -0000 1.26
+++ passdb-sql.c 14 Feb 2006 17:43:04 -0000 1.27
@@ -43,7 +43,7 @@
name = sql_result_get_field_name(result, i);
value = sql_result_get_field_value(result, i);
- if (value != NULL) {
+ if (*name != '\0' && value != NULL) {
auth_request_set_field(auth_request, name, value,
module->conn->set.default_pass_scheme);
}
Index: userdb-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-ldap.c,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -d -r1.39 -r1.40
--- userdb-ldap.c 14 Jan 2006 18:47:20 -0000 1.39
+++ userdb-ldap.c 14 Feb 2006 17:43:04 -0000 1.40
@@ -93,7 +93,7 @@
name, vals))
return NULL;
seen_gid = TRUE;
- } else {
+ } else if (*name != '\0') {
for (i = 0; vals[i] != NULL; i++) {
auth_stream_reply_add(reply, name,
vals[i]);
Index: userdb-sql.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-sql.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- userdb-sql.c 14 Jan 2006 18:47:20 -0000 1.13
+++ userdb-sql.c 14 Feb 2006 17:43:04 -0000 1.14
@@ -60,7 +60,8 @@
value = dec2str(gid);
}
- auth_stream_reply_add(reply, name, value);
+ if (*name != '\0')
+ auth_stream_reply_add(reply, name, value);
}
if (uid == (uid_t)-1) {
Index: userdb-static.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-static.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- userdb-static.c 16 Oct 2005 14:34:39 -0000 1.17
+++ userdb-static.c 14 Feb 2006 17:43:04 -0000 1.18
@@ -94,6 +94,8 @@
value);
}
value = dec2str(gid);
+ } else if (*key == '\0') {
+ i_fatal("Status userdb: Empty key (=%s)", value);
}
key = p_strdup(auth_userdb->auth->pool, key);
value = p_strdup(auth_userdb->auth->pool, value);
More information about the dovecot-cvs
mailing list