dovecot-1.1: ssl_username_from_cert=yes: Don't truncate username...

dovecot at dovecot.org dovecot at dovecot.org
Tue Aug 4 21:55:15 EEST 2009


details:   http://hg.dovecot.org/dovecot-1.1/rev/876393c6d1ea
changeset: 8339:876393c6d1ea
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Aug 04 14:54:36 2009 -0400
description:
ssl_username_from_cert=yes: Don't truncate username, don't allow NULs in it.

diffstat:

1 file changed, 16 insertions(+), 6 deletions(-)
src/login-common/ssl-proxy-openssl.c |   22 ++++++++++++++++------

diffs (40 lines):

diff -r 2d9de6690d12 -r 876393c6d1ea src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c	Sun Aug 02 13:54:01 2009 -0400
+++ b/src/login-common/ssl-proxy-openssl.c	Tue Aug 04 14:54:36 2009 -0400
@@ -543,8 +543,8 @@ const char *ssl_proxy_get_peer_name(stru
 const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy)
 {
 	X509 *x509;
-	char buf[1024];
-	const char *name;
+	char *name;
+	int len;
 
 	if (!ssl_proxy_has_valid_client_cert(proxy))
 		return NULL;
@@ -553,11 +553,21 @@ const char *ssl_proxy_get_peer_name(stru
 	if (x509 == NULL)
 		return NULL; /* we should have had it.. */
 
-	if (X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
-				      ssl_username_nid, buf, sizeof(buf)) < 0)
+	len = X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
+					ssl_username_nid, NULL, 0);
+	if (len < 0)
 		name = "";
-	else
-		name = t_strndup(buf, sizeof(buf));
+	else {
+		name = t_malloc(len + 1);
+		if (X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
+					ssl_username_nid, name, len + 1) < 0)
+			name = "";
+		else if (strlen(name) != (size_t)len) {
+			/* NUL characters in name. Someone's trying to fake
+			   being another user? Don't allow it. */
+			name = "";
+		}
+	}
 	X509_free(x509);
 	
 	return *name == '\0' ? NULL : name;


More information about the dovecot-cvs mailing list