# HG changeset patch # User Timo Sirainen # Date 1195409640 -7200 # Node ID ff62b2323a978aaa2895c431fc13c7d1776b6341 # Parent 337e6a9a29595374edee6f058a473a5134d6cb64 Disable processing input while it's not expected, otherwise we could get there and crash while master is processing the login. Also allow client to send the SASL data within the same IP packet as the AUTH/AUTHENTICATE command without hanging. diff -r 337e6a9a2959 -r ff62b2323a97 src/imap-login/client-authenticate.c --- a/src/imap-login/client-authenticate.c Sun Nov 18 11:18:45 2007 +0200 +++ b/src/imap-login/client-authenticate.c Sun Nov 18 20:14:00 2007 +0200 @@ -66,12 +66,9 @@ if (strcmp(line, "*") == 0) { sasl_server_auth_client_error(&client->common, "Authentication aborted"); - } else if (client->common.waiting_auth_reply) { - sasl_server_auth_client_error(&client->common, - "Don't send unrequested data"); } else { auth_client_request_continue(client->common.auth_request, line); - client->common.waiting_auth_reply = TRUE; + io_remove(&client->io); /* clear sensitive data */ safe_memset(line, 0, strlen(line)); @@ -243,6 +240,11 @@ /* don't check return value here. it gets tricky if we try to call client_destroy() in here. */ (void)o_stream_sendv(client->output, iov, 3); + + i_assert(client->io == NULL); + client->io = io_add(client->common.fd, IO_READ, + client_auth_input, client); + client_auth_input(client); return; } @@ -274,11 +276,9 @@ if (!client->common.authenticating) return 1; - /* following input data will go to authentication */ + /* don't handle input until we get the initial auth reply */ if (client->io != NULL) io_remove(&client->io); - client->io = io_add(client->common.fd, IO_READ, - client_auth_input, client); return 0; } diff -r 337e6a9a2959 -r ff62b2323a97 src/login-common/client-common.h --- a/src/login-common/client-common.h Sun Nov 18 11:18:45 2007 +0200 +++ b/src/login-common/client-common.h Sun Nov 18 20:14:00 2007 +0200 @@ -24,7 +24,6 @@ unsigned int tls:1; unsigned int secured:1; unsigned int authenticating:1; - unsigned int waiting_auth_reply:1; /* ... */ }; diff -r 337e6a9a2959 -r ff62b2323a97 src/pop3-login/client-authenticate.c --- a/src/pop3-login/client-authenticate.c Sun Nov 18 11:18:45 2007 +0200 +++ b/src/pop3-login/client-authenticate.c Sun Nov 18 20:14:00 2007 +0200 @@ -73,12 +73,9 @@ if (strcmp(line, "*") == 0) { sasl_server_auth_client_error(&client->common, "Authentication aborted"); - } else if (client->common.waiting_auth_reply) { - sasl_server_auth_client_error(&client->common, - "Don't send unrequested data"); } else { auth_client_request_continue(client->common.auth_request, line); - client->common.waiting_auth_reply = TRUE; + io_remove(&client->io); /* clear sensitive data */ safe_memset(line, 0, strlen(line)); @@ -215,6 +212,11 @@ /* don't check return value here. it gets tricky if we try to call client_destroy() in here. */ (void)o_stream_sendv(client->output, iov, 3); + + i_assert(client->io == NULL); + client->io = io_add(client->common.fd, IO_READ, + client_auth_input, client); + client_auth_input(client); return; } @@ -258,11 +260,9 @@ if (!client->common.authenticating) return TRUE; - /* following input data will go to authentication */ + /* don't handle input until we get the initial auth reply */ if (client->io != NULL) io_remove(&client->io); - client->io = io_add(client->common.fd, IO_READ, - client_auth_input, client); return TRUE; }