Mercurial > dovecot > core-2.2

diff src/auth/auth-request.h @ 13728:9a6aa717bc46
auth: Don't allow auth clients to set internal auth request fields. This could have allowed attacker to bypass authentication if login process was first successfully attacked to allow arbitrary code execution.
author: Timo Sirainen <tss@iki.fi>
date: Fri, 18 Nov 2011 22:07:16 +0200
parents: bf6749d4db08
children: f2608c3a64ee
--- a/src/auth/auth-request.h	Fri Nov 18 21:37:34 2011 +0200
+++ b/src/auth/auth-request.h	Fri Nov 18 22:07:16 2011 +0200
@@ -139,6 +139,10 @@
 			 struct auth_stream_reply *reply);
 bool auth_request_import(struct auth_request *request,
 			 const char *key, const char *value);
+bool auth_request_import_info(struct auth_request *request,
+			      const char *key, const char *value);
+bool auth_request_import_auth(struct auth_request *request,
+			      const char *key, const char *value);
 
 void auth_request_initial(struct auth_request *request);
 void auth_request_continue(struct auth_request *request,
author	Timo Sirainen <tss@iki.fi>
date	Fri, 18 Nov 2011 22:07:16 +0200
parents	bf6749d4db08
children	f2608c3a64ee