diff src/auth/mech-gssapi.c @ 9324:5d53b1d66d1b HEAD
auth: Check for potentially dangerous NULs in usernames.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 14 Aug 2009 02:54:41 -0400 |
parents | 0ec0b1f1ac6a |
children | a37fa30b0072 |
--- a/src/auth/mech-gssapi.c Fri Aug 14 02:54:02 2009 -0400
+++ b/src/auth/mech-gssapi.c Fri Aug 14 02:54:41 2009 -0400
@@ -213,6 +213,18 @@
 return name;
 }
+static bool data_has_nuls(const void *data, unsigned int len)
+{
+ const unsigned char *c = data;
+ unsigned int i;
+
+ for (i = 0; i < len; i++) {
+ if (c[i] == '\0')
+ return TRUE;
+ }
+ return FALSE;
+}
+
 static int get_display_name(struct auth_request *auth_request, gss_name_t name, gss_OID *name_type_r, const char **display_name_r)
 {
@@ -226,6 +238,11 @@
 GSS_C_GSS_CODE, "gss_display_name");
 return -1;
 }
+ if (data_has_nuls(buf.value, buf.length)) {
+ auth_request_log_info(auth_request, "gssapi",
+ "authn_name has NULs");
+ return -1;
+ }
 *display_name_r = t_strndup(buf.value, buf.length);
 (void)gss_release_buffer(&minor_status, &buf);
 return 0;
@@ -497,6 +514,12 @@
 name = (unsigned char *)outbuf.value + 4;
 name_len = outbuf.length - 4;
+ if (data_has_nuls(name, name_len)) {
+ auth_request_log_info(auth_request, "gssapi",
+ "authz_name has NULs");
+ return -1;
+ }
+
 login_user = p_strndup(auth_request->pool, name, name_len);
 request->authz_name = import_name(auth_request, name, name_len);
 if (request->authz_name == GSS_C_NO_NAME) {
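Review bot: `data_has_nuls` declares `unsigned int len`, but the second hunk passes it `buf.length`, and a GSS-API buffer length is a `size_t`. On a 64-bit build a larger length would be narrowed, so the scan could cover fewer bytes than the later `t_strndup(buf.value, buf.length)` copies. Declaring the parameter as `size_t len` keeps the check and the copy in step, and the loop could then become `return memchr(data, '\0', len) != NULL;`. The helper also has no comment saying why NULs are rejected; something like `/* a name with an embedded NUL is cut short by the strndup copies, so the string used later could differ from the name GSS-API authenticated */` would record the intent.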
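Review bot: The added `return -1;` in get_display_name exits before `(void)gss_release_buffer(&minor_status, &buf);`, which the success path calls two lines further down. The buffer filled by gss_display_name is therefore not released whenever a name is rejected for NULs, and a client that keeps sending such names makes the auth process leak on every attempt. Adding `(void)gss_release_buffer(&minor_status, &buf);` before the new `return -1;` closes that path. The early return added in the third hunk may leave `outbuf` unreleased in the same way; the release of `outbuf` is not visible there, so check it against the full function. Part of get_display_name's body lies outside this hunk.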