global: Replaced t_strsplit_tab() calls with t_strsplit_tabescaped() This is useful especially in auth code to support LFs in extra fields. Other pieces of code were also tab-escaping strings, but never unescaping them. Usually it didn't matter, because nobody would use the escaped characters. Still, the code wasn't exactly behaving correctly. One downside to this change is that it's now possible to pass through TABs, CRs and LFs through the various protocols. In theory this shouldn't cause any problems, but combined with other bugs this could trigger some security problems.

--- a/src/doveadm/dsync/dsync-ibc-stream.c	Wed May 17 12:26:42 2017 +0300
+++ b/src/doveadm/dsync/dsync-ibc-stream.c	Thu Oct 20 17:45:44 2016 +0300
@@ -1775,7 +1775,7 @@
 
 	if (dsync_deserializer_decode_try(decoder, "keyword_changes", &value) &&
 	    *value != '\0') {
-		const char *const *changes = t_strsplit_tab(value);
+		const char *const *changes = t_strsplit_tabescaped(value);
 		unsigned int i, count = str_array_length(changes);
 
 		p_array_init(&change->keyword_changes, pool, count);