Mercurial > dovecot > original-hg > dovecot-1.2
comparison src/auth/mech-cram-md5.c @ 9324:5d53b1d66d1b HEAD
auth: Check for potentially dangerous NULs in usernames.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 14 Aug 2009 02:54:41 -0400 |
parents | 84eea1977632 |
children | 00cd9aacd03c |
comparison
equal
deleted
inserted
replaced
9323:93e2b0519e65 | 9324:5d53b1d66d1b |
---|---|
83 *error_r = NULL; | 83 *error_r = NULL; |
84 | 84 |
85 /* <username> SPACE <response>. Username may contain spaces, so assume | 85 /* <username> SPACE <response>. Username may contain spaces, so assume |
86 the rightmost space is the response separator. */ | 86 the rightmost space is the response separator. */ |
87 for (i = space = 0; i < size; i++) { | 87 for (i = space = 0; i < size; i++) { |
88 if (data[i] == '\0') { | |
89 *error_r = "NULs in response"; | |
90 return FALSE; | |
91 } | |
88 if (data[i] == ' ') | 92 if (data[i] == ' ') |
89 space = i; | 93 space = i; |
90 } | 94 } |
91 | 95 |
92 if (space == 0) { | 96 if (space == 0) { |