Mercurial > dovecot > core-2.2
changeset 9938:aedf642c8bc8 HEAD
imap proxy: Detect and log invalid remote input.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Wed, 23 Sep 2009 23:12:58 +0300 |
parents | 49cd8e736a8a |
children | 9b4bb1a7d789 |
files | src/imap-login/client.h src/imap-login/imap-proxy.c |
diffstat | 2 files changed, 15 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/imap-login/client.h Sun Sep 13 21:40:51 2009 -0400 +++ b/src/imap-login/client.h Wed Sep 23 23:12:58 2009 +0300 @@ -15,6 +15,7 @@ unsigned int cmd_finished:1; unsigned int proxy_sasl_ir:1; unsigned int proxy_seen_banner:1; + unsigned int proxy_wait_auth_continue:1; unsigned int skip_line:1; unsigned int id_logged:1; unsigned int client_ignores_capability_resp_code:1;
--- a/src/imap-login/imap-proxy.c Sun Sep 13 21:40:51 2009 -0400 +++ b/src/imap-login/imap-proxy.c Wed Sep 23 23:12:58 2009 +0300 @@ -91,6 +91,7 @@ } else { /* master user login without SASL initial response */ str_append(str, "L AUTHENTICATE PLAIN"); + client->proxy_wait_auth_continue = TRUE; } str_append(str, "\r\n"); } @@ -155,6 +156,15 @@ return 0; } else if (*line == '+') { /* AUTHENTICATE started. finish it. */ + if (!imap_client->proxy_wait_auth_continue) { + client_log_err(client, t_strdup_printf( + "proxy: Unexpected input: %s", + str_sanitize(line, 160))); + client_proxy_failed(client, TRUE); + return -1; + } + imap_client->proxy_wait_auth_continue = FALSE; + str = t_str_new(128); get_plain_auth(client, str); str_append(str, "\r\n"); @@ -250,6 +260,9 @@ return 0; } else { /* tagged reply, shouldn't happen. */ + client_log_err(client, t_strdup_printf( + "proxy: Unexpected input, ignoring: %s", + str_sanitize(line, 160))); return 0; } } @@ -260,4 +273,5 @@ imap_client->proxy_sasl_ir = FALSE; imap_client->proxy_seen_banner = FALSE; + imap_client->proxy_wait_auth_continue = FALSE; }