dovecot-2.2: *-login: Session ID generator wasn't encoding remot...

dovecot at dovecot.org dovecot at dovecot.org
Sun Sep 27 18:27:51 UTC 2015


details:   http://hg.dovecot.org/dovecot-2.2/rev/038efefc7e70
changeset: 19225:038efefc7e70
user:      Timo Sirainen <tss at iki.fi>
date:      Sun Sep 27 21:25:59 2015 +0300
description:
*-login: Session ID generator wasn't encoding remote port number correctly to it.
The upper 8 bits of the port number were always written as 0.
This could have led to duplicate session ID strings in some rare cases.
Found by Coverity.

diffstat:

 src/login-common/client-common.c |  2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diffs (12 lines):

diff -r 7010dd10ccc6 -r 038efefc7e70 src/login-common/client-common.c
--- a/src/login-common/client-common.c	Sun Sep 27 20:47:20 2015 +0300
+++ b/src/login-common/client-common.c	Sun Sep 27 21:25:59 2015 +0300
@@ -453,7 +453,7 @@
 		buffer_append_c(buf, (timestamp >> i) & 0xff);
 
 	buffer_append_c(buf, client->remote_port & 0xff);
-	buffer_append_c(buf, (client->remote_port >> 16) & 0xff);
+	buffer_append_c(buf, (client->remote_port >> 8) & 0xff);
 #ifdef HAVE_IPV6
 	if (IPADDR_IS_V6(&client->ip))
 		buffer_append(buf, &client->ip.u.ip6, sizeof(client->ip.u.ip6));
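
Review bot: the two remote_port lines open-code the byte split with literal shift counts, which is the kind of code where a wrong constant like the old `>> 16` goes unnoticed until a static analyzer flags it. Consider emitting the port bytes the same way as the timestamp bytes just above (`(timestamp >> i) & 0xff` with a variable shift), or through a small helper that appends a 16-bit value, so the shift count cannot disagree with the field width. A one-line comment stating the byte order (low byte first) would document the format. Since the commit message says the old encoding could produce duplicate session ID strings, a unit test asserting that two clients differing only in the high byte of the remote port get different IDs would guard against a regression.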

