changeset 21197:3da1e36b61af

auth: Fix auth-policy crash when username is NULL

If SASL request is invalid, or incomplete, and username is left NULL, handle it gracefully by adding just NUL byte in auth policy digest for username.
author Aki Tuomi <aki.tuomi@dovecot.fi>
date Wed, 23 Nov 2016 13:16:19 +0200
parents 4a0841b9fcc4
children bb081fa224e0
files src/auth/auth-policy.c
diffstat 1 files changed, 4 insertions(+), 1 deletions(-)
--- a/src/auth/auth-policy.c	Tue Nov 22 10:21:24 2016 -0500
+++ b/src/auth/auth-policy.c	Wed Nov 23 13:16:19 2016 +0200
@@ -442,7 +442,10 @@
 		context->set->policy_hash_nonce,
 		strlen(context->set->policy_hash_nonce));
 	/* use +1 to make sure \0 gets included */
-	digest->loop(ctx, context->request->user, strlen(context->request->user) + 1);
+	if (context->request->user == NULL)
+		digest->loop(ctx, "\0", 1);
+	else
+		digest->loop(ctx, context->request->user, strlen(context->request->user) + 1);
 	if (password != NULL)
 		digest->loop(ctx, password, strlen(password));
 	ptr = (unsigned char*)str_c_modifiable(buffer);
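Review bot: in the new NULL branch, `digest->loop(ctx, "\0", 1);` feeds the same single NUL byte that the else branch feeds for an empty username (`strlen("") + 1` is 1), so a NULL user and an empty user produce identical policy digests. If that equivalence is intended, say so in a comment next to the branch; if not, the NULL case needs a distinct input or should skip the policy hash altogether. Two smaller points: the literal can be written `""`, since only one byte is read, and the existing "use +1" comment now sits above the `if` although it describes only the else branch, so it would read better moved onto that branch.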