# HG changeset patch
# User Timo Sirainen
# Date 1253735645 -10800
# Node ID b1293abca645027f28311ffe95c23d5deeffd9f4
# Parent 0f04c7da33f17dc95bf3946faddf2bb07bfaaf59
imap proxy: Detect and log invalid remote input.
diff -r 0f04c7da33f1 -r b1293abca645 src/imap-login/client.h
--- a/src/imap-login/client.h Mon Sep 21 18:36:25 2009 +0300
+++ b/src/imap-login/client.h Wed Sep 23 22:54:05 2009 +0300
@@ -33,6 +33,7 @@
 unsigned int cmd_finished:1;
 unsigned int proxy_sasl_ir:1;
 unsigned int proxy_seen_banner:1;
+ unsigned int proxy_wait_auth_continue:1;
 unsigned int skip_line:1;
 unsigned int input_blocked:1;
 unsigned int destroyed:1;
diff -r 0f04c7da33f1 -r b1293abca645 src/imap-login/imap-proxy.c
--- a/src/imap-login/imap-proxy.c Mon Sep 21 18:36:25 2009 +0300
+++ b/src/imap-login/imap-proxy.c Wed Sep 23 22:54:05 2009 +0300
@@ -158,6 +158,7 @@
 } else {
 /* master user login without SASL initial response */
 str_append(str, "L AUTHENTICATE PLAIN");
+ client->proxy_wait_auth_continue = TRUE;
 }
 str_append(str, "\r\n");
 }
@@ -221,6 +222,13 @@
 return 0;
 } else if (*line == '+') {
 /* AUTHENTICATE started. finish it. */
+ if (!client->proxy_wait_auth_continue) {
+ client_syslog_err(&client->common, t_strdup_printf(
+ "proxy: Unexpected input: %s",
+ str_sanitize(line, 160)));
+ proxy_failed(client, TRUE);
+ return -1;
+ }
 str = t_str_new(128);
 get_plain_auth(client, str);
 str_append(str, "\r\n");
@@ -352,6 +360,9 @@
 return 0;
 } else {
 /* tagged reply, shouldn't happen. */
+ client_syslog_err(&client->common, t_strdup_printf(
+ "proxy: Unexpected input, ignoring: %s",
+ str_sanitize(line, 160)));
 return 0;
 }
 }
@@ -437,6 +448,7 @@
 client->proxy_sasl_ir = FALSE;
 client->proxy_seen_banner = FALSE;
+ client->proxy_wait_auth_continue = FALSE;
 client->proxy_user = i_strdup(user);
 client->proxy_master_user = i_strdup(master_user);
 client->proxy_password = i_strdup(password);
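Review bot: In the `*line == '+'` branch of imap-proxy.c (hunk at -221) the new guard reads `proxy_wait_auth_continue`, but nothing visible in the hunk clears the flag once the continuation has been answered. A second `+` line from the remote would therefore pass the guard, and the `get_plain_auth()` output would be built and sent again instead of being logged as unexpected input. Unless the flag is reset further down (the branch continues outside the hunk), add `client->proxy_wait_auth_continue = FALSE;` directly after the guard so that exactly one continuation is accepted per AUTHENTICATE. The only reset visible in this patch is in the last hunk, where the proxy fields are initialised.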
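Review bot: The final `else` branch (hunk at -352) logs each unexpected line and then returns 0, so the connection stays open and a misbehaving remote can produce one syslog entry for every line it sends, without limit. The `+` branch in the previous hunk treats unexpected input as fatal; doing the same here with `proxy_failed(client, TRUE);` followed by `return -1;` would bound the log volume and keep the two paths consistent. If ignoring the input is intentional, consider logging only the first occurrence per connection. The existing comment says "tagged reply", but the conditions leading to this branch start outside the hunk, so what actually reaches it cannot be confirmed from here.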