Mercurial > dovecot > core-2.2

changeset 4017:e2d267e6f930 HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Check that we don't pass around key=value pairs with empty keys.
author Timo Sirainen <tss@iki.fi>
date Tue, 14 Feb 2006 19:43:04 +0200
parents 0d3dd32999a0
children 989dd95aa8b9
files src/auth/auth-request.c src/auth/auth-stream.c src/auth/passdb-ldap.c src/auth/passdb-sql.c src/auth/userdb-ldap.c src/auth/userdb-sql.c src/auth/userdb-static.c src/master/mail-process.c
diffstat 8 files changed, 14 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/src/auth/auth-request.c	Tue Feb 14 19:42:25 2006 +0200
+++ b/src/auth/auth-request.c	Tue Feb 14 19:43:04 2006 +0200
@@ -515,6 +515,7 @@
 			    const char *name, const char *value,
 			    const char *default_scheme)
 {
+	i_assert(*name != '\0');
 	i_assert(value != NULL);
 
 	if (strcmp(name, "password") == 0) {
--- a/src/auth/auth-stream.c	Tue Feb 14 19:42:25 2006 +0200
+++ b/src/auth/auth-stream.c	Tue Feb 14 19:43:04 2006 +0200
@@ -25,6 +25,7 @@
 	if (str_len(reply->str) > 0)
 		str_append_c(reply->str, '\t');
 	if (key != NULL) {
+		i_assert(*key != '\0');
 		i_assert(strchr(key, '\t') == NULL &&
 			 strchr(key, '\n') == NULL);
 
--- a/src/auth/passdb-ldap.c	Tue Feb 14 19:42:25 2006 +0200
+++ b/src/auth/passdb-ldap.c	Tue Feb 14 19:43:04 2006 +0200
@@ -59,7 +59,7 @@
 				    name != NULL ? name : "?unknown?");
 		}
 
-		if (name != NULL && vals != NULL) {
+		if (name != NULL && vals != NULL && *name != '\0') {
 			for (i = 0; vals[i] != NULL; i++) {
 				if (debug != NULL) {
 					if (i != 0)
--- a/src/auth/passdb-sql.c	Tue Feb 14 19:42:25 2006 +0200
+++ b/src/auth/passdb-sql.c	Tue Feb 14 19:43:04 2006 +0200
@@ -43,7 +43,7 @@
 		name = sql_result_get_field_name(result, i);
 		value = sql_result_get_field_value(result, i);
 
-		if (value != NULL) {
+		if (*name != '\0' && value != NULL) {
 			auth_request_set_field(auth_request, name, value,
 				module->conn->set.default_pass_scheme);
 		}
--- a/src/auth/userdb-ldap.c	Tue Feb 14 19:42:25 2006 +0200
+++ b/src/auth/userdb-ldap.c	Tue Feb 14 19:43:04 2006 +0200
@@ -93,7 +93,7 @@
 						     name, vals)) 
 					return NULL;
 				seen_gid = TRUE;
-			} else {
+			} else if (*name != '\0') {
 				for (i = 0; vals[i] != NULL; i++) {
 					auth_stream_reply_add(reply, name,
 							      vals[i]);
--- a/src/auth/userdb-sql.c	Tue Feb 14 19:42:25 2006 +0200
+++ b/src/auth/userdb-sql.c	Tue Feb 14 19:43:04 2006 +0200
@@ -60,7 +60,8 @@
 			value = dec2str(gid);
 		}
 
-		auth_stream_reply_add(reply, name, value);
+		if (*name != '\0')
+			auth_stream_reply_add(reply, name, value);
 	}
 
 	if (uid == (uid_t)-1) {
--- a/src/auth/userdb-static.c	Tue Feb 14 19:42:25 2006 +0200
+++ b/src/auth/userdb-static.c	Tue Feb 14 19:43:04 2006 +0200
@@ -94,6 +94,8 @@
 					value);
 			}
 			value = dec2str(gid);
+		} else if (*key == '\0') {
+			i_fatal("Status userdb: Empty key (=%s)", value);
 		}
 		key = p_strdup(auth_userdb->auth->pool, key);
 		value = p_strdup(auth_userdb->auth->pool, value);
--- a/src/master/mail-process.c	Tue Feb 14 19:42:25 2006 +0200
+++ b/src/master/mail-process.c	Tue Feb 14 19:43:04 2006 +0200
@@ -499,6 +499,11 @@
 	/* add extra args. uppercase key value. */
 	args = array_get(&extra_args, &count);
 	for (i = 0; i < count; i++) {
+		if (*args[i] == '=') {
+			/* Should be caught by dovecot-auth already */
+			i_fatal("Userdb returned data with empty key (%s)",
+				args[i]);
+		}
 		p = strchr(args[i], '=');
 		if (p == NULL) {
 			/* boolean */