Mercurial > dovecot > core-2.2
changeset 20845:11f6f45baf3e
doveadm director kick: Escape username properly.
This only mattered if the username contained \001, TAB or LF characters,
which isn't normal.
| author | Timo Sirainen <timo.sirainen@dovecot.fi> |
|---|---|
| date | Thu, 06 Oct 2016 15:19:51 +0300 |
| parents | 90fad61ff8ae |
| children | 9d70a6f86e24 |
| files | src/doveadm/doveadm-director.c |
| diffstat | 1 files changed, 7 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/doveadm/doveadm-director.c Thu Oct 06 15:13:30 2016 +0300 +++ b/src/doveadm/doveadm-director.c Thu Oct 06 15:19:51 2016 +0300 @@ -4,6 +4,7 @@ #include "md5.h" #include "hash.h" #include "str.h" +#include "strescape.h" #include "net.h" #include "istream.h" #include "write-full.h" @@ -586,6 +587,7 @@ { struct director_context *ctx; const char *line; + string_t *cmd = t_str_new(64); ctx = cmd_director_init(cctx); if (ctx->user == NULL) { @@ -593,7 +595,11 @@ return; } - director_send(ctx, t_strdup_printf("USER-KICK\t%s\n", ctx->user)); + str_append(cmd, "USER-KICK\t"); + str_append_tabescaped(cmd, ctx->user); + str_append_c(cmd, '\n'); + + director_send(ctx, str_c(cmd)); line = i_stream_read_next_line(ctx->input); if (line == NULL) { i_error("failed");