changeset 7117:769181a20483 HEAD

Make sure all user input is sanitized before it's logged.
author Timo Sirainen <tss@iki.fi>
date Sun, 06 Jan 2008 01:56:37 +0200
parents df5e4bea11e2
children b626d8975193
files src/imap-login/imap-proxy.c src/login-common/client-common.c src/login-common/login-proxy.c src/pop3-login/pop3-proxy.c
diffstat 4 files changed, 21 insertions(+), 15 deletions(-) [+]
--- a/src/imap-login/imap-proxy.c	Sun Jan 06 01:50:13 2008 +0200
+++ b/src/imap-login/imap-proxy.c	Sun Jan 06 01:56:37 2008 +0200
@@ -5,6 +5,7 @@
 #include "istream.h"
 #include "ostream.h"
 #include "str.h"
+#include "str-sanitize.h"
 #include "safe-memset.h"
 #include "client.h"
 #include "imap-quote.h"
@@ -21,9 +22,9 @@
 	if (!client->proxy_login_sent) {
 		/* this is a banner */
 		if (strncmp(line, "* OK ", 5) != 0) {
-			i_error("imap-proxy(%s): "
-				"Remote returned invalid banner: %s",
-				client->common.virtual_user, line);
+			client_syslog(&client->common, t_strdup_printf(
+				"proxy: Remote returned invalid banner: %s",
+				str_sanitize(line, 160)));
 			client_destroy_internal_failure(client);
 			return -1;
 		}
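Review bot: Switching this invalid-banner report from `i_error()` to `client_syslog()` may lower its severity; `client_syslog()` is not defined in this diff, so confirm which level it logs at, because a backend returning a bad banner is a fault that error-level monitoring would previously have caught. The same switch is made for the buffer-full and missing-password cases later in this file and for all three cases in src/pop3-login/pop3-proxy.c. The new text also drops the `imap-proxy`/`pop3-proxy` prefix in favour of a shared `proxy:`, so telling the protocols apart now depends on whatever `client_syslog()` adds to the line. A short comment above the call, such as `/* banner comes from the remote server: sanitize and cap it before logging */`, would record why `str_sanitize(line, 160)` is there. The enclosing function starts and ends outside the hunk.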
@@ -115,8 +116,8 @@
 	switch (i_stream_read(input)) {
 	case -2:
 		/* buffer full */
-		i_error("imap-proxy(%s): Remote input buffer full",
-			client->common.virtual_user);
+		client_syslog(&client->common,
+			      "proxy: Remote input buffer full");
 		client_destroy_internal_failure(client);
 		return;
 	case -1:
@@ -138,8 +139,7 @@
 	i_assert(!client->destroyed);
 
 	if (password == NULL) {
-		i_error("proxy(%s): password not given",
-			client->common.virtual_user);
+		client_syslog(&client->common, "proxy: password not given");
 		return -1;
 	}
 
--- a/src/login-common/client-common.c	Sun Jan 06 01:50:13 2008 +0200
+++ b/src/login-common/client-common.c	Sun Jan 06 01:56:37 2008 +0200
@@ -60,6 +60,7 @@
 		{ '\0', NULL }
 	};
 	struct var_expand_table *tab;
+	unsigned int i;
 
 	tab = t_malloc(sizeof(static_tab));
 	memcpy(tab, static_tab, sizeof(static_tab));
@@ -69,6 +70,9 @@
 		tab[1].value = t_strcut(client->virtual_user, '@');
 		tab[2].value = strchr(client->virtual_user, '@');
 		if (tab[2].value != NULL) tab[2].value++;
+
+		for (i = 0; i < 3; i++)
+			tab[i].value = str_sanitize(tab[i].value, 80);
 	}
 	tab[3].value = login_protocol;
 	tab[4].value = getenv("HOME");
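Review bot: The added loop passes `tab[2].value` to `str_sanitize()` even when it is NULL, which the line above allows (`strchr()` returns NULL for a user name without `@`, and only the non-NULL case is incremented). Whether `str_sanitize()` accepts NULL is not visible here, so either confirm that or guard the call: `if (tab[i].value != NULL) tab[i].value = str_sanitize(tab[i].value, 80);`. This commit adds `#include "str-sanitize.h"` to the three other files but not to client-common.c; if the header is not already included there, the call is implicitly declared as returning int and the returned pointer can be truncated on 64-bit builds. The literal `3` ties the loop to the order of the first table entries, which deserves a comment such as `/* only the user-derived entries need sanitizing */`. The function's body continues outside the hunk.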
--- a/src/login-common/login-proxy.c	Sun Jan 06 01:50:13 2008 +0200
+++ b/src/login-common/login-proxy.c	Sun Jan 06 01:56:37 2008 +0200
@@ -5,6 +5,7 @@
 #include "istream.h"
 #include "ostream.h"
 #include "hash.h"
+#include "str-sanitize.h"
 #include "client-common.h"
 #include "login-proxy.h"
 
@@ -189,7 +190,8 @@
 
 		ipstr = net_ip2addr(&proxy->ip);
 		i_info("proxy(%s): disconnecting %s",
-		       proxy->user, ipstr != NULL ? ipstr : "");
+		       str_sanitize(proxy->user, 80),
+		       ipstr != NULL ? ipstr : "");
 
 		if (proxy->client_io != NULL)
 			io_remove(&proxy->client_io);
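Review bot: The limit `80` here repeats the literal used for the user fields in src/login-common/client-common.c, while the banner calls use `160`; a named constant for each would keep the caps from drifting apart. This message also keeps its hand-built `proxy(%s)` prefix and `i_info()` call while the login-side messages in this commit moved to `client_syslog()`, so the two log formats now differ. If that is intentional (presumably no client is attached at this point), a one-line comment saying so would help. The enclosing function starts and ends outside the hunk.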
--- a/src/pop3-login/pop3-proxy.c	Sun Jan 06 01:50:13 2008 +0200
+++ b/src/pop3-login/pop3-proxy.c	Sun Jan 06 01:56:37 2008 +0200
@@ -7,6 +7,7 @@
 #include "base64.h"
 #include "safe-memset.h"
 #include "str.h"
+#include "str-sanitize.h"
 #include "client.h"
 #include "pop3-proxy.h"
 
@@ -40,8 +41,8 @@
 	switch (i_stream_read(input)) {
 	case -2:
 		/* buffer full */
-		i_error("pop-proxy(%s): Remote input buffer full",
-			client->common.virtual_user);
+		client_syslog(&client->common,
+			      "proxy: Remote input buffer full");
 		client_destroy_internal_failure(client);
 		return;
 	case -1:
@@ -58,9 +59,9 @@
 	case 0:
 		/* this is a banner */
 		if (strncmp(line, "+OK", 3) != 0) {
-			i_error("pop3-proxy(%s): "
-				"Remote returned invalid banner: %s",
-				client->common.virtual_user, line);
+			client_syslog(&client->common, t_strdup_printf(
+				"proxy: Remote returned invalid banner: %s",
+				str_sanitize(line, 160)));
 			client_destroy_internal_failure(client);
 			return;
 		}
@@ -148,8 +149,7 @@
 	i_assert(!client->destroyed);
 
 	if (password == NULL) {
-		i_error("proxy(%s): password not given",
-			client->common.virtual_user);
+		client_syslog(&client->common, "proxy: password not given");
 		return -1;
 	}