Mercurial > dovecot > core-2.2
changeset 20960:5ecd72688313
imap-login: Skip NIL value in ID handler
NIL value can cause hard crash, depending what
the key is. For x-proxy-ttl, NIL will crash
on any system, x-originating-ip will crash on
some nss versions (e.g. centos 6.7).
Migitating factor here is that the NIL value is only
accepted from trusted network.
author | Aki Tuomi <aki.tuomi@dovecot.fi> |
---|---|
date | Tue, 25 Oct 2016 10:29:50 +0300 |
parents | 7aca58261697 |
children | d2e877350c52 |
files | src/imap-login/imap-login-client.c |
diffstat | 1 files changed, 3 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/imap-login/imap-login-client.c Mon Oct 24 18:52:24 2016 +0300 +++ b/src/imap-login/imap-login-client.c Tue Oct 25 10:29:50 2016 +0300 @@ -150,6 +150,9 @@ client_update_info(struct imap_client *client, const char *key, const char *value) { + /* do not try to process NIL value */ + if (value == NULL) + return; if (strcasecmp(key, "x-originating-ip") == 0) { (void)net_addr2ip(value, &client->common.ip); } else if (strcasecmp(key, "x-originating-port") == 0) {