Mercurial > dovecot > original-hg > dovecot-1.2

changeset 9283:0de21e725d4e HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
ssl_username_from_cert=yes: Don't truncate username, don't allow NULs in it.
author Timo Sirainen <tss@iki.fi>
date Tue, 04 Aug 2009 14:54:56 -0400
parents 9fe57d8ec946
children 8ea90a23ed74
files src/login-common/ssl-proxy-openssl.c
diffstat 1 files changed, 16 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/src/login-common/ssl-proxy-openssl.c	Tue Aug 04 14:27:29 2009 -0400
+++ b/src/login-common/ssl-proxy-openssl.c	Tue Aug 04 14:54:56 2009 -0400
@@ -588,8 +588,8 @@
 const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy)
 {
 	X509 *x509;
-	char buf[1024];
-	const char *name;
+	char *name;
+	int len;
 
 	if (!ssl_proxy_has_valid_client_cert(proxy))
 		return NULL;
@@ -598,11 +598,21 @@
 	if (x509 == NULL)
 		return NULL; /* we should have had it.. */
 
-	if (X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
-				      ssl_username_nid, buf, sizeof(buf)) < 0)
+	len = X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
+					ssl_username_nid, NULL, 0);
+	if (len < 0)
 		name = "";
-	else
-		name = t_strndup(buf, sizeof(buf));
+	else {
+		name = t_malloc(len + 1);
+		if (X509_NAME_get_text_by_NID(X509_get_subject_name(x509),
+					ssl_username_nid, name, len + 1) < 0)
+			name = "";
+		else if (strlen(name) != (size_t)len) {
+			/* NUL characters in name. Someone's trying to fake
+			   being another user? Don't allow it. */
+			name = "";
+		}
+	}
 	X509_free(x509);
 	
 	return *name == '\0' ? NULL : name;