dovecot: Make sure all user input is sanitized before it's logged.

dovecot at dovecot.org dovecot at dovecot.org
Sun Jan 6 01:56:41 EET 2008


details:   http://hg.dovecot.org/dovecot/rev/769181a20483
changeset: 7117:769181a20483
user:      Timo Sirainen <tss at iki.fi>
date:      Sun Jan 06 01:56:37 2008 +0200
description:
Make sure all user input is sanitized before it's logged.

diffstat:

4 files changed, 21 insertions(+), 15 deletions(-)
src/imap-login/imap-proxy.c      |   14 +++++++-------
src/login-common/client-common.c |    4 ++++
src/login-common/login-proxy.c   |    4 +++-
src/pop3-login/pop3-proxy.c      |   14 +++++++-------

diffs (132 lines):

diff -r df5e4bea11e2 -r 769181a20483 src/imap-login/imap-proxy.c
--- a/src/imap-login/imap-proxy.c	Sun Jan 06 01:50:13 2008 +0200
+++ b/src/imap-login/imap-proxy.c	Sun Jan 06 01:56:37 2008 +0200
@@ -5,6 +5,7 @@
 #include "istream.h"
 #include "ostream.h"
 #include "str.h"
+#include "str-sanitize.h"
 #include "safe-memset.h"
 #include "client.h"
 #include "imap-quote.h"
@@ -21,9 +22,9 @@ static int proxy_input_line(struct imap_
 	if (!client->proxy_login_sent) {
 		/* this is a banner */
 		if (strncmp(line, "* OK ", 5) != 0) {
-			i_error("imap-proxy(%s): "
-				"Remote returned invalid banner: %s",
-				client->common.virtual_user, line);
+			client_syslog(&client->common, t_strdup_printf(
+				"proxy: Remote returned invalid banner: %s",
+				str_sanitize(line, 160)));
 			client_destroy_internal_failure(client);
 			return -1;
 		}
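Review bot: The switch from `i_error()` to `client_syslog()` here may lower the severity of the invalid-banner message: `client_syslog()` is not defined in this diff, and if it logs at info level, a backend that returns a bad banner no longer shows up in error-level logs or alerts. The same applies to the "Remote input buffer full" and "password not given" hunks later in this file and to the three matching hunks in src/pop3-login/pop3-proxy.c. If error severity should be kept, sanitizing the arguments in place would do it: `i_error("imap-proxy(%s): Remote returned invalid banner: %s", str_sanitize(client->common.virtual_user, 80), str_sanitize(line, 160));`. The new text also drops the `imap-proxy`/`pop3-proxy` prefix, so the message alone no longer says which proxy produced it. proxy_input_line's body continues outside the hunk.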
@@ -115,8 +116,8 @@ static void proxy_input(struct istream *
 	switch (i_stream_read(input)) {
 	case -2:
 		/* buffer full */
-		i_error("imap-proxy(%s): Remote input buffer full",
-			client->common.virtual_user);
+		client_syslog(&client->common,
+			      "proxy: Remote input buffer full");
 		client_destroy_internal_failure(client);
 		return;
 	case -1:
@@ -138,8 +139,7 @@ int imap_proxy_new(struct imap_client *c
 	i_assert(!client->destroyed);
 
 	if (password == NULL) {
-		i_error("proxy(%s): password not given",
-			client->common.virtual_user);
+		client_syslog(&client->common, "proxy: password not given");
 		return -1;
 	}
 
diff -r df5e4bea11e2 -r 769181a20483 src/login-common/client-common.c
--- a/src/login-common/client-common.c	Sun Jan 06 01:50:13 2008 +0200
+++ b/src/login-common/client-common.c	Sun Jan 06 01:56:37 2008 +0200
@@ -60,6 +60,7 @@ get_var_expand_table(struct client *clie
 		{ '\0', NULL }
 	};
 	struct var_expand_table *tab;
+	unsigned int i;
 
 	tab = t_malloc(sizeof(static_tab));
 	memcpy(tab, static_tab, sizeof(static_tab));
@@ -69,6 +70,9 @@ get_var_expand_table(struct client *clie
 		tab[1].value = t_strcut(client->virtual_user, '@');
 		tab[2].value = strchr(client->virtual_user, '@');
 		if (tab[2].value != NULL) tab[2].value++;
+
+		for (i = 0; i < 3; i++)
+			tab[i].value = str_sanitize(tab[i].value, 80);
 	}
 	tab[3].value = login_protocol;
 	tab[4].value = getenv("HOME");
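Review bot: The added loop passes `tab[2].value` to `str_sanitize()` even when it is NULL, a case the preceding `if (tab[2].value != NULL)` line allows for when `virtual_user` contains no `@`. `str_sanitize()` is not shown in this diff, so unless it is known to accept NULL the call should be guarded: `if (tab[i].value != NULL) tab[i].value = str_sanitize(tab[i].value, 80);`. The literal 80 is repeated in src/login-common/login-proxy.c; a shared named constant would keep the two username limits in step. get_var_expand_table's body starts and ends outside the hunk.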
diff -r df5e4bea11e2 -r 769181a20483 src/login-common/login-proxy.c
--- a/src/login-common/login-proxy.c	Sun Jan 06 01:50:13 2008 +0200
+++ b/src/login-common/login-proxy.c	Sun Jan 06 01:56:37 2008 +0200
@@ -5,6 +5,7 @@
 #include "istream.h"
 #include "ostream.h"
 #include "hash.h"
+#include "str-sanitize.h"
 #include "client-common.h"
 #include "login-proxy.h"
 
@@ -189,7 +190,8 @@ void login_proxy_free(struct login_proxy
 
 		ipstr = net_ip2addr(&proxy->ip);
 		i_info("proxy(%s): disconnecting %s",
-		       proxy->user, ipstr != NULL ? ipstr : "");
+		       str_sanitize(proxy->user, 80),
+		       ipstr != NULL ? ipstr : "");
 
 		if (proxy->client_io != NULL)
 			io_remove(&proxy->client_io);
diff -r df5e4bea11e2 -r 769181a20483 src/pop3-login/pop3-proxy.c
--- a/src/pop3-login/pop3-proxy.c	Sun Jan 06 01:50:13 2008 +0200
+++ b/src/pop3-login/pop3-proxy.c	Sun Jan 06 01:56:37 2008 +0200
@@ -7,6 +7,7 @@
 #include "base64.h"
 #include "safe-memset.h"
 #include "str.h"
+#include "str-sanitize.h"
 #include "client.h"
 #include "pop3-proxy.h"
 
@@ -40,8 +41,8 @@ static void proxy_input(struct istream *
 	switch (i_stream_read(input)) {
 	case -2:
 		/* buffer full */
-		i_error("pop-proxy(%s): Remote input buffer full",
-			client->common.virtual_user);
+		client_syslog(&client->common,
+			      "proxy: Remote input buffer full");
 		client_destroy_internal_failure(client);
 		return;
 	case -1:
@@ -58,9 +59,9 @@ static void proxy_input(struct istream *
 	case 0:
 		/* this is a banner */
 		if (strncmp(line, "+OK", 3) != 0) {
-			i_error("pop3-proxy(%s): "
-				"Remote returned invalid banner: %s",
-				client->common.virtual_user, line);
+			client_syslog(&client->common, t_strdup_printf(
+				"proxy: Remote returned invalid banner: %s",
+				str_sanitize(line, 160)));
 			client_destroy_internal_failure(client);
 			return;
 		}
@@ -148,8 +149,7 @@ int pop3_proxy_new(struct pop3_client *c
 	i_assert(!client->destroyed);
 
 	if (password == NULL) {
-		i_error("proxy(%s): password not given",
-			client->common.virtual_user);
+		client_syslog(&client->common, "proxy: password not given");
 		return -1;
 	}
 

