dovecot-2.2: auth: Fixed crash with DIGEST-MD5 when attempting t...
dovecot at dovecot.org
dovecot at dovecot.org
Sun May 20 03:26:36 EEST 2012
details: http://hg.dovecot.org/dovecot-2.2/rev/23543c407e81
changeset: 14573:23543c407e81
user: Timo Sirainen <tss at iki.fi>
date: Sat May 19 22:25:27 2012 +0300
description:
auth: Fixed crash with DIGEST-MD5 when attempting to do master user login without master passdbs.
diffstat:
src/auth/auth-request.c | 27 ++++++++++++++++++++-------
1 files changed, 20 insertions(+), 7 deletions(-)
diffs (51 lines):
diff -r 8f72002cb394 -r 23543c407e81 src/auth/auth-request.c
--- a/src/auth/auth-request.c Sat May 19 22:11:41 2012 +0300
+++ b/src/auth/auth-request.c Sat May 19 22:25:27 2012 +0300
@@ -609,6 +609,20 @@
return FALSE;
}
+static bool auth_request_is_disabled_master_user(struct auth_request *request)
+{
+ if (request->passdb != NULL)
+ return FALSE;
+
+ /* no masterdbs, master logins not supported */
+ i_assert(request->requested_login_user != NULL);
+ auth_request_log_info(request, "passdb",
+ "Attempted master login with no master passdbs "
+ "(trying to log in as user: %s)",
+ request->requested_login_user);
+ return TRUE;
+}
+
void auth_request_verify_plain(struct auth_request *request,
const char *password,
verify_plain_callback_t *callback)
@@ -619,13 +633,7 @@
i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE);
- if (request->passdb == NULL) {
- /* no masterdbs, master logins not supported */
- i_assert(request->requested_login_user != NULL);
- auth_request_log_info(request, "passdb",
- "Attempted master login with no master passdbs "
- "(trying to log in as user: %s)",
- request->requested_login_user);
+ if (auth_request_is_disabled_master_user(request)) {
callback(PASSDB_RESULT_USER_UNKNOWN, request);
return;
}
@@ -746,6 +754,11 @@
i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE);
+ if (auth_request_is_disabled_master_user(request)) {
+ callback(PASSDB_RESULT_USER_UNKNOWN, NULL, 0, request);
+ return;
+ }
+
request->credentials_scheme = p_strdup(request->pool, scheme);
request->private_callback.lookup_credentials = callback;
More information about the dovecot-cvs
mailing list