28 lines
1.1 KiB
Diff
28 lines
1.1 KiB
Diff
From 1f2c35da2b96905bec6e45f88af0f33ee63789e6 Mon Sep 17 00:00:00 2001
|
|
From: Aki Tuomi <aki.tuomi@dovecot.fi>
|
|
Date: Wed, 23 Nov 2016 13:16:19 +0200
|
|
Subject: [PATCH] auth: Fix auth-policy crash when username is NULL
|
|
|
|
If SASL request is invalid, or incomplete, and username
|
|
is left NULL, handle it gracefully by adding just
|
|
NUL byte in auth policy digest for username.
|
|
---
|
|
src/auth/auth-policy.c | 5 ++++-
|
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
|
diff -Nur dovecot-2.3.3_old/src/auth/auth-policy.c dovecot-2.3.3/src/auth/auth-policy.c
|
|
--- dovecot-2.3.3_old/src/auth/auth-policy.c 2020-03-16 17:38:38.308283675 +0800
|
|
+++ dovecot-2.3.3/src/auth/auth-policy.c 2020-03-16 17:42:41.873103352 +0800
|
|
@@ -466,7 +466,10 @@
|
|
else
|
|
requested_username = "";
|
|
/* use +1 to make sure \0 gets included */
|
|
- digest->loop(ctx, requested_username, strlen(requested_username)+1);
|
|
+ if (context->request->user == NULL)
|
|
+ digest->loop(ctx, "\0", 1);
|
|
+ else
|
|
+ digest->loop(ctx, context->request->user, strlen(context->request->user) + 1);
|
|
if (password != NULL)
|
|
digest->loop(ctx, password, strlen(password));
|
|
ptr = buffer_get_modifiable_data(buffer, NULL);
|