From 1f2c35da2b96905bec6e45f88af0f33ee63789e6 Mon Sep 17 00:00:00 2001
From: Aki Tuomi
Date: Wed, 23 Nov 2016 13:16:19 +0200
Subject: [PATCH] auth: Fix auth-policy crash when username is NULL

If SASL request is invalid, or incomplete, and username is left NULL, handle it gracefully by adding just NUL byte in auth policy digest for username.
---
 src/auth/auth-policy.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff -Nur dovecot-2.3.3_old/src/auth/auth-policy.c dovecot-2.3.3/src/auth/auth-policy.c
--- dovecot-2.3.3_old/src/auth/auth-policy.c 2020-03-16 17:38:38.308283675 +0800
+++ dovecot-2.3.3/src/auth/auth-policy.c 2020-03-16 17:42:41.873103352 +0800
@@ -466,7 +466,10 @@
 else
 requested_username = "";
 /* use +1 to make sure \0 gets included */
- digest->loop(ctx, requested_username, strlen(requested_username)+1);
+ if (context->request->user == NULL)
+ digest->loop(ctx, "\0", 1);
+ else
+ digest->loop(ctx, context->request->user, strlen(context->request->user) + 1);
 if (password != NULL)
 digest->loop(ctx, password, strlen(password));
 ptr = buffer_get_modifiable_data(buffer, NULL);
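Review bot: The added lines hash `context->request->user` and no longer use `requested_username`, although the context just above still assigns it (`else requested_username = "";`), so the name selected by that if/else chain is dropped from the policy digest. The visible `""` fallback suggests the variable is already non-NULL here, in which case the removed `digest->loop(ctx, requested_username, strlen(requested_username)+1);` was already NULL-safe and could stay; the start of the chain is outside the hunk, so confirm that every branch assigns a non-NULL value. If the chain can select a name other than `user` (not visible here), the hash sent for those requests changes and would no longer match policy-side state keyed on the earlier value, and `requested_username` may be left set but unused. The enclosing function starts and ends outside the hunk.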