Mercurial > dovecot > original-hg > dovecot-1.2
comparison src/auth/mech-cram-md5.c @ 9324:5d53b1d66d1b HEAD
auth: Check for potentially dangerous NULs in usernames.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Fri, 14 Aug 2009 02:54:41 -0400 |
| parents | 84eea1977632 |
| children | 00cd9aacd03c |
comparison
equal
deleted
inserted
replaced
| 9323:93e2b0519e65 | 9324:5d53b1d66d1b |
|---|---|
| 83 *error_r = NULL; | 83 *error_r = NULL; |
| 84 | 84 |
| 85 /* <username> SPACE <response>. Username may contain spaces, so assume | 85 /* <username> SPACE <response>. Username may contain spaces, so assume |
| 86 the rightmost space is the response separator. */ | 86 the rightmost space is the response separator. */ |
| 87 for (i = space = 0; i < size; i++) { | 87 for (i = space = 0; i < size; i++) { |
| 88 if (data[i] == '\0') { | |
| 89 *error_r = "NULs in response"; | |
| 90 return FALSE; | |
| 91 } | |
| 88 if (data[i] == ' ') | 92 if (data[i] == ' ') |
| 89 space = i; | 93 space = i; |
| 90 } | 94 } |
| 91 | 95 |
| 92 if (space == 0) { | 96 if (space == 0) { |