Mercurial > dovecot > core-2.2
changeset 4017:e2d267e6f930 HEAD
Check that we don't pass around key=value pairs with empty keys.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 14 Feb 2006 19:43:04 +0200 |
parents | 0d3dd32999a0 |
children | 989dd95aa8b9 |
files | src/auth/auth-request.c src/auth/auth-stream.c src/auth/passdb-ldap.c src/auth/passdb-sql.c src/auth/userdb-ldap.c src/auth/userdb-sql.c src/auth/userdb-static.c src/master/mail-process.c |
diffstat | 8 files changed, 14 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/auth-request.c Tue Feb 14 19:42:25 2006 +0200 +++ b/src/auth/auth-request.c Tue Feb 14 19:43:04 2006 +0200 @@ -515,6 +515,7 @@ const char *name, const char *value, const char *default_scheme) { + i_assert(*name != '\0'); i_assert(value != NULL); if (strcmp(name, "password") == 0) {
--- a/src/auth/auth-stream.c Tue Feb 14 19:42:25 2006 +0200 +++ b/src/auth/auth-stream.c Tue Feb 14 19:43:04 2006 +0200 @@ -25,6 +25,7 @@ if (str_len(reply->str) > 0) str_append_c(reply->str, '\t'); if (key != NULL) { + i_assert(*key != '\0'); i_assert(strchr(key, '\t') == NULL && strchr(key, '\n') == NULL);
--- a/src/auth/passdb-ldap.c Tue Feb 14 19:42:25 2006 +0200 +++ b/src/auth/passdb-ldap.c Tue Feb 14 19:43:04 2006 +0200 @@ -59,7 +59,7 @@ name != NULL ? name : "?unknown?"); } - if (name != NULL && vals != NULL) { + if (name != NULL && vals != NULL && *name != '\0') { for (i = 0; vals[i] != NULL; i++) { if (debug != NULL) { if (i != 0)
--- a/src/auth/passdb-sql.c Tue Feb 14 19:42:25 2006 +0200 +++ b/src/auth/passdb-sql.c Tue Feb 14 19:43:04 2006 +0200 @@ -43,7 +43,7 @@ name = sql_result_get_field_name(result, i); value = sql_result_get_field_value(result, i); - if (value != NULL) { + if (*name != '\0' && value != NULL) { auth_request_set_field(auth_request, name, value, module->conn->set.default_pass_scheme); }
--- a/src/auth/userdb-ldap.c Tue Feb 14 19:42:25 2006 +0200 +++ b/src/auth/userdb-ldap.c Tue Feb 14 19:43:04 2006 +0200 @@ -93,7 +93,7 @@ name, vals)) return NULL; seen_gid = TRUE; - } else { + } else if (*name != '\0') { for (i = 0; vals[i] != NULL; i++) { auth_stream_reply_add(reply, name, vals[i]);
--- a/src/auth/userdb-sql.c Tue Feb 14 19:42:25 2006 +0200 +++ b/src/auth/userdb-sql.c Tue Feb 14 19:43:04 2006 +0200 @@ -60,7 +60,8 @@ value = dec2str(gid); } - auth_stream_reply_add(reply, name, value); + if (*name != '\0') + auth_stream_reply_add(reply, name, value); } if (uid == (uid_t)-1) {
--- a/src/auth/userdb-static.c Tue Feb 14 19:42:25 2006 +0200 +++ b/src/auth/userdb-static.c Tue Feb 14 19:43:04 2006 +0200 @@ -94,6 +94,8 @@ value); } value = dec2str(gid); + } else if (*key == '\0') { + i_fatal("Status userdb: Empty key (=%s)", value); } key = p_strdup(auth_userdb->auth->pool, key); value = p_strdup(auth_userdb->auth->pool, value);
--- a/src/master/mail-process.c Tue Feb 14 19:42:25 2006 +0200 +++ b/src/master/mail-process.c Tue Feb 14 19:43:04 2006 +0200 @@ -499,6 +499,11 @@ /* add extra args. uppercase key value. */ args = array_get(&extra_args, &count); for (i = 0; i < count; i++) { + if (*args[i] == '=') { + /* Should be caught by dovecot-auth already */ + i_fatal("Userdb returned data with empty key (%s)", + args[i]); + } p = strchr(args[i], '='); if (p == NULL) { /* boolean */