[Dovecot] Trim trailing whitespace from username
Timo Sirainen
tss at iki.fi
Thu May 29 18:19:11 EEST 2008
On Wed, 2008-05-28 at 15:40 -0700, David Jonas wrote:
> I spoke too soon. Dovecot still complains about the invalid character.
> While testing I had forgotten to update to remove <space> from
> username_chars. I should have known really, since the invalid chars
> check is done before var_expand() in auth_request_fix_username().
>
> Any other ideas? Adding <space> to the username_chars list doesn't seem
> like a security threat, but honestly I don't know much about that.
The default auth_username_chars contain only the ones that are commonly
used. There should be no problems allowing most non-control characters.
In future I'm going to fix also Dovecot's handling of control
characters.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20080529/5f6a7545/attachment.bin
More information about the dovecot
mailing list