Mercurial > dovecot > core-2.2
diff src/auth/auth-request.h @ 13728:9a6aa717bc46
auth: Don't allow auth clients to set internal auth request fields.
This could have allowed attacker to bypass authentication if login process
was first successfully attacked to allow arbitrary code execution.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 18 Nov 2011 22:07:16 +0200 |
parents | bf6749d4db08 |
children | f2608c3a64ee |
line wrap: on
line diff
--- a/src/auth/auth-request.h Fri Nov 18 21:37:34 2011 +0200 +++ b/src/auth/auth-request.h Fri Nov 18 22:07:16 2011 +0200 @@ -139,6 +139,10 @@ struct auth_stream_reply *reply); bool auth_request_import(struct auth_request *request, const char *key, const char *value); +bool auth_request_import_info(struct auth_request *request, + const char *key, const char *value); +bool auth_request_import_auth(struct auth_request *request, + const char *key, const char *value); void auth_request_initial(struct auth_request *request); void auth_request_continue(struct auth_request *request,