dovecot-2.2: auth: Don't crash if trying to add password with TA...
dovecot at dovecot.org
dovecot at dovecot.org
Fri May 22 23:10:16 UTC 2015
details: http://hg.dovecot.org/dovecot-2.2/rev/b23a19faf304
changeset: 18739:b23a19faf304
user: Timo Sirainen <tss at iki.fi>
date: Fri May 22 19:07:56 2015 -0400
description:
auth: Don't crash if trying to add password with TAB or LF to auth cache.
This would happen only if the passwords were stored as plaintext in passdb
and the valid password actually contained TAB or LF.
diffstat:
src/auth/auth-request.c | 6 +-----
1 files changed, 1 insertions(+), 5 deletions(-)
diffs (16 lines):
diff -r fd8edab94849 -r b23a19faf304 src/auth/auth-request.c
--- a/src/auth/auth-request.c Fri May 22 16:37:07 2015 -0400
+++ b/src/auth/auth-request.c Fri May 22 19:07:56 2015 -0400
@@ -457,11 +457,7 @@
str_append(str, passdb->default_pass_scheme);
str_append_c(str, '}');
}
- if (strchr(request->passdb_password, '\t') != NULL)
- i_panic("%s: Password contains TAB", request->user);
- if (strchr(request->passdb_password, '\n') != NULL)
- i_panic("%s: Password contains LF", request->user);
- str_append(str, request->passdb_password);
+ str_append_tabescaped(str, request->passdb_password);
}
if (!auth_fields_is_empty(request->extra_fields)) {
More information about the dovecot-cvs
mailing list