dovecot-2.2: auth: Make sure auth cache doesn't break if any cac...
dovecot at dovecot.org
dovecot at dovecot.org
Sun May 20 03:26:27 EEST 2012
details: http://hg.dovecot.org/dovecot-2.2/rev/90738a7c7535
changeset: 14341:90738a7c7535
user: Timo Sirainen <tss at iki.fi>
date: Wed Mar 14 14:59:24 2012 +0200
description:
auth: Make sure auth cache doesn't break if any cache keys have TABs.
diffstat:
src/auth/auth-cache.c | 15 ++++++++++++---
1 files changed, 12 insertions(+), 3 deletions(-)
diffs (46 lines):
diff -r a090cbbe3008 -r 90738a7c7535 src/auth/auth-cache.c
--- a/src/auth/auth-cache.c Wed Mar 14 14:55:25 2012 +0200
+++ b/src/auth/auth-cache.c Wed Mar 14 14:59:24 2012 +0200
@@ -207,6 +207,15 @@
hash_table_clear(cache->hash, FALSE);
}
+static const char *
+auth_cache_escape(const char *string,
+ const struct auth_request *auth_request ATTR_UNUSED)
+{
+ /* cache key %variables are separated by tabs, make sure that there
+ are no tabs in the string */
+ return str_tabescape(string);
+}
+
const char *
auth_cache_lookup(struct auth_cache *cache, const struct auth_request *request,
const char *key, struct auth_cache_node **node_r,
@@ -225,7 +234,7 @@
str = t_str_new(256);
var_expand(str, t_strconcat(request->userdb_lookup ? "U" : "P",
"%!/", key, NULL),
- auth_request_get_var_expand_table(request, NULL));
+ auth_request_get_var_expand_table(request, auth_cache_escape));
node = hash_table_lookup(cache->hash, str_c(str));
if (node == NULL) {
@@ -281,7 +290,7 @@
str = t_str_new(256);
var_expand(str, t_strconcat(request->userdb_lookup ? "U" : "P",
"%!/", key, NULL),
- auth_request_get_var_expand_table(request, NULL));
+ auth_request_get_var_expand_table(request, auth_cache_escape));
request->user = current_username;
@@ -330,7 +339,7 @@
str = t_str_new(256);
var_expand(str, key,
- auth_request_get_var_expand_table(request, NULL));
+ auth_request_get_var_expand_table(request, auth_cache_escape));
node = hash_table_lookup(cache->hash, str_c(str));
if (node == NULL)
More information about the dovecot-cvs
mailing list