dovecot-2.2: auth: Don't allow changing username to an empty str...
dovecot at dovecot.org
dovecot at dovecot.org
Fri Dec 5 01:38:35 UTC 2014
details: http://hg.dovecot.org/dovecot-2.2/rev/a3ac6d5e5915
changeset: 18125:a3ac6d5e5915
user: Timo Sirainen <tss at iki.fi>
date: Fri Dec 05 03:38:08 2014 +0200
description:
auth: Don't allow changing username to an empty string.
This is most likely always accidental and Dovecot in general hasn't been
designed to support empty usernames.
diffstat:
src/auth/auth-request.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diffs (16 lines):
diff -r 9b7fdacccf99 -r a3ac6d5e5915 src/auth/auth-request.c
--- a/src/auth/auth-request.c Fri Dec 05 03:11:14 2014 +0200
+++ b/src/auth/auth-request.c Fri Dec 05 03:38:08 2014 +0200
@@ -1378,6 +1378,12 @@
new_value = get_updated_username(request->user, name, value);
if (new_value == NULL)
return FALSE;
+ if (new_value[0] == '\0') {
+ auth_request_log_error(request, AUTH_SUBSYS_DB,
+ "username attempted to be changed to empty");
+ request->failed = TRUE;
+ return TRUE;
+ }
if (strcmp(request->user, new_value) != 0) {
auth_request_log_debug(request, AUTH_SUBSYS_DB,
More information about the dovecot-cvs
mailing list