Mercurial > dovecot > original-hg > dovecot-1.2

changeset 6834:ff62b2323a97 HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Disable processing input while it's not expected, otherwise we could get there and crash while master is processing the login. Also allow client to send the SASL data within the same IP packet as the AUTH/AUTHENTICATE command without hanging.
author Timo Sirainen <tss@iki.fi>
date Sun, 18 Nov 2007 20:14:00 +0200
parents 337e6a9a2959
children ff9e591a2aa5
files src/imap-login/client-authenticate.c src/login-common/client-common.h src/pop3-login/client-authenticate.c
diffstat 3 files changed, 14 insertions(+), 15 deletions(-) [+]
line wrap: on
line diff
--- a/src/imap-login/client-authenticate.c	Sun Nov 18 11:18:45 2007 +0200
+++ b/src/imap-login/client-authenticate.c	Sun Nov 18 20:14:00 2007 +0200
@@ -66,12 +66,9 @@
 	if (strcmp(line, "*") == 0) {
 		sasl_server_auth_client_error(&client->common,
 					      "Authentication aborted");
-	} else if (client->common.waiting_auth_reply) {
-		sasl_server_auth_client_error(&client->common,
-					      "Don't send unrequested data");
 	} else {
 		auth_client_request_continue(client->common.auth_request, line);
-		client->common.waiting_auth_reply = TRUE;
+		io_remove(&client->io);
 
 		/* clear sensitive data */
 		safe_memset(line, 0, strlen(line));
@@ -243,6 +240,11 @@
 		/* don't check return value here. it gets tricky if we try
 		   to call client_destroy() in here. */
 		(void)o_stream_sendv(client->output, iov, 3);
+
+		i_assert(client->io == NULL);
+		client->io = io_add(client->common.fd, IO_READ,
+				    client_auth_input, client);
+		client_auth_input(client);
 		return;
 	}
 
@@ -274,11 +276,9 @@
 	if (!client->common.authenticating)
 		return 1;
 
-	/* following input data will go to authentication */
+	/* don't handle input until we get the initial auth reply */
 	if (client->io != NULL)
 		io_remove(&client->io);
-	client->io = io_add(client->common.fd, IO_READ,
-			    client_auth_input, client);
 	return 0;
 }
 
--- a/src/login-common/client-common.h	Sun Nov 18 11:18:45 2007 +0200
+++ b/src/login-common/client-common.h	Sun Nov 18 20:14:00 2007 +0200
@@ -24,7 +24,6 @@
 	unsigned int tls:1;
 	unsigned int secured:1;
 	unsigned int authenticating:1;
-	unsigned int waiting_auth_reply:1;
 	/* ... */
 };
 
--- a/src/pop3-login/client-authenticate.c	Sun Nov 18 11:18:45 2007 +0200
+++ b/src/pop3-login/client-authenticate.c	Sun Nov 18 20:14:00 2007 +0200
@@ -73,12 +73,9 @@
 	if (strcmp(line, "*") == 0) {
 		sasl_server_auth_client_error(&client->common,
 					      "Authentication aborted");
-	} else if (client->common.waiting_auth_reply) {
-		sasl_server_auth_client_error(&client->common,
-					      "Don't send unrequested data");
 	} else {
 		auth_client_request_continue(client->common.auth_request, line);
-		client->common.waiting_auth_reply = TRUE;
+		io_remove(&client->io);
 
 		/* clear sensitive data */
 		safe_memset(line, 0, strlen(line));
@@ -215,6 +212,11 @@
 		/* don't check return value here. it gets tricky if we try
 		   to call client_destroy() in here. */
 		(void)o_stream_sendv(client->output, iov, 3);
+
+		i_assert(client->io == NULL);
+		client->io = io_add(client->common.fd, IO_READ,
+				    client_auth_input, client);
+		client_auth_input(client);
 		return;
 	}
 
@@ -258,11 +260,9 @@
 	if (!client->common.authenticating)
 		return TRUE;
 
-	/* following input data will go to authentication */
+	/* don't handle input until we get the initial auth reply */
 	if (client->io != NULL)
 		io_remove(&client->io);
-	client->io = io_add(client->common.fd, IO_READ,
-			    client_auth_input, client);
 	return TRUE;
 }