[dovecot-cvs] dovecot/src/auth mech-apop.c,1.23,1.24

[tss at dovecot.org]

Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv14689

Modified Files:
	mech-apop.c 
Log Message:
Verify the APOP input before passing it to sscanf() to make sure it's
NUL-terminated.



Index: mech-apop.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-apop.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- mech-apop.c	8 Nov 2006 20:22:08 -0000	1.23
+++ mech-apop.c	26 Jan 2007 13:40:51 -0000	1.24
@@ -88,9 +88,25 @@
 	tmp = data;
 	end = data + data_size;
 
+	/* skip the challenge */
 	while (tmp != end && *tmp != '\0')
 		tmp++;
 
+	if (tmp != end) {
+		/* get the username */
+		username = ++tmp;
+		while (tmp != end && *tmp != '\0')
+			tmp++;
+	}
+
+	if (tmp + 1 + 16 != end) {
+		/* Should never happen */
+		auth_request_log_info(auth_request, "apop", "malformed data");
+		auth_request_fail(auth_request);
+		return;
+	}
+	tmp++;
+
 	/* the challenge must begin with trusted unique ID. we trust only
 	   ourself, so make sure it matches our connection specific UID
 	   which we told to client in handshake. Also require a timestamp
@@ -108,20 +124,6 @@
 	}
 	request->challenge = p_strdup(request->pool, (const char *)data);
 
-	if (tmp != end) {
-		username = ++tmp;
-		while (tmp != end && *tmp != '\0')
-			tmp++;
-	}
-
-	if (tmp + 1 + 16 != end) {
-		/* Should never happen */
-		auth_request_log_info(auth_request, "apop", "malformed data");
-		auth_request_fail(auth_request);
-		return;
-	}
-	tmp++;
-
 	if (!auth_request_set_username(auth_request, (const char *)username,
 				       &error)) {
 		auth_request_log_info(auth_request, "apop", "%s", error);