dovecot-1.2: ssl_username_from_cert=yes: Don't truncate username...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Aug 4 21:55:01 EEST 2009
details: http://hg.dovecot.org/dovecot-1.2/rev/0de21e725d4e
changeset: 9283:0de21e725d4e
user: Timo Sirainen <tss at iki.fi>
date: Tue Aug 04 14:54:56 2009 -0400
description:
ssl_username_from_cert=yes: Don't truncate username, don't allow NULs in it.
diffstat:
1 file changed, 16 insertions(+), 6 deletions(-)
src/login-common/ssl-proxy-openssl.c | 22 ++++++++++++++++------
diffs (40 lines):
diff -r 9fe57d8ec946 -r 0de21e725d4e src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Tue Aug 04 14:27:29 2009 -0400
+++ b/src/login-common/ssl-proxy-openssl.c Tue Aug 04 14:54:56 2009 -0400
@@ -588,8 +588,8 @@ const char *ssl_proxy_get_peer_name(stru
const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy)
{
X509 *x509;
- char buf[1024];
- const char *name;
+ char *name;
+ int len;
if (!ssl_proxy_has_valid_client_cert(proxy))
return NULL;
@@ -598,11 +598,21 @@ const char *ssl_proxy_get_peer_name(stru
if (x509 == NULL)
return NULL; /* we should have had it.. */
- if (X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
- ssl_username_nid, buf, sizeof(buf)) < 0)
+ len = X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
+ ssl_username_nid, NULL, 0);
+ if (len < 0)
name = "";
- else
- name = t_strndup(buf, sizeof(buf));
+ else {
+ name = t_malloc(len + 1);
+ if (X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
+ ssl_username_nid, name, len + 1) < 0)
+ name = "";
+ else if (strlen(name) != (size_t)len) {
+ /* NUL characters in name. Someone's trying to fake
+ being another user? Don't allow it. */
+ name = "";
+ }
+ }
X509_free(x509);
return *name == '\0' ? NULL : name;
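Review bot: The `strlen(name) != (size_t)len` check also rejects legitimate certificates whose subject attribute is stored as a BMPString (UTF-16), because X509_NAME_get_text_by_NID copies the raw ASN.1 bytes without charset conversion and a BMPString's encoding contains 0x00 bytes for every ASCII character — as far as I recall the OpenSSL documentation warns about exactly this and recommends ASN1_STRING_to_UTF8 on the matching entry instead. Such a client would silently get no username from its certificate rather than an error; worth either converting via the entry/ASN1_STRING API or stating the limitation in the comment, e.g. `/* raw ASN.1 bytes, no charset conversion: multi-byte encodings (BMPString) are rejected here too */`. Separately, `name` is declared `char *` but assigned the literal `""` three times; keeping `const char *name` plus a separate `char *buf` for the t_malloc'd copy avoids writing through a pointer that aliases a string literal and lets `X509_get_subject_name(x509)` be hoisted into one local. The function's closing brace lies outside the hunk.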