Dict protocol changes string

Nagy, Attila bra at fsn.hu
Tue Feb 28 15:59:10 UTC 2017


On 09/23/2016 08:05 AM, Aki Tuomi wrote:
> On 29.07.2016 15:35, Nagy, Attila wrote:
>> I use pass and userdb with dict protocol in a similar way:
>>
>> key passdb {
>>    key = passdb^MAuth-User: %u^MAuth-Pass: %w^MAuth-Protocol:
>> %s^MClient-IP: %r
>>    format = json
>> }
>>
>> (^M is an \r character, inserted with vi CTRL-v + enter)
>>
>> Until 2.2.24 this has worked, but 2.2.25 seems to convert that ASCII
>> 13 into an ASCII 1 and an "r".
>>
>> Python printout from what I get with 2.2.25:
>>
>> 'Lshared/passdb\x01rAuth-User: user\x01rAuth-Pass:
>> pass\x01rAuth-Protocol: pop3\x01rClient-IP: 1.2.3.4'
>>
>> Is this change intentional? Why?
> Hi!
>
> Dict protocol escapes your newlines. You are expected to de-escape them
> yourself.
>
> The following escapes are done; you can de-escape them with your client.
>
> \x00 => \x10
> \x01 => \x11
> \t => \x1t
> \r => \x1r
> \n => \x1n
>
>
Following up on this: dovecot 2.2.27 and 2.2.28 go even further
(2.2.25 was OK).
If a user specifies a password with a % in it, dovecot silently 
truncates it.
So for example if I specify (just to check this simple example is also bad):
key passdb {
   key = %w
   format = json
}

and a user tries to log in with the password 'Lofasznehogyma%', dovecot 
sends the following into the dict socket:
'Lshared/Lofasznehogyma'

According to user reports, other characters may also be affected.

Could you please fix this?
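
Added example, not part of the original thread and not Dovecot's own code: a Python decoder for the lookup line shown above, reading each entry of the quoted escape table as byte 0x01 followed by the character 0, 1, t, r or n. The names `dict_unescape` and `parse_lookup` are hypothetical, and the sample input is the 2.2.25 printout from the thread.

```python
# Added example: server-side decoding of a Dovecot dict lookup line.
ESC = 0x01
# Byte following 0x01 -> original byte, per the escape table quoted in the thread.
UNESCAPE = {ord("0"): 0x00, ord("1"): 0x01, ord("t"): 0x09,
            ord("r"): 0x0D, ord("n"): 0x0A}

# The 2.2.25 printout from the thread, rejoined onto one line.
SAMPLE = (b"Lshared/passdb\x01rAuth-User: user\x01rAuth-Pass: pass"
          b"\x01rAuth-Protocol: pop3\x01rClient-IP: 1.2.3.4")


def dict_unescape(data: bytes) -> bytes:
    """Reverse the dict protocol escaping; reject malformed escapes."""
    out = bytearray()
    i = 0
    while i < len(data):
        if data[i] != ESC:
            out.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated escape at end of input")
        if data[i + 1] not in UNESCAPE:
            raise ValueError(f"unknown escape: 0x01 0x{data[i + 1]:02x}")
        out.append(UNESCAPE[data[i + 1]])
        i += 2
    return bytes(out)


def parse_lookup(line: bytes):
    """Return (key, fields) for an 'L' line using the passdb key layout above."""
    line = line.rstrip(b"\n")
    if not line.startswith(b"L"):
        raise ValueError("not a lookup command")
    key, *headers = dict_unescape(line[1:]).split(b"\r")
    fields = {}
    for header in headers:
        name, sep, value = header.partition(b": ")
        name = name.decode("ascii")
        # After de-escaping, a \r inside a value looks like a separator,
        # so malformed or repeated fields are rejected, not merged.
        if not sep or name in fields:
            raise ValueError(f"malformed or duplicate field: {name!r}")
        fields[name] = value  # values stay bytes: passwords are arbitrary
    return key.decode("ascii"), fields


if __name__ == "__main__":
    print(parse_lookup(SAMPLE))
```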

