[dovecot/core] ef0c36: global: Code cleanup - Use t_strsplit_tabescaped()...

GitHub noreply at github.com
Thu Oct 20 20:30:10 UTC 2016 

  Branch: refs/heads/master
  Home:   https://github.com/dovecot/core
  Commit: ef0c36aa8114feee80aa696d9cb8106140371243
      https://github.com/dovecot/core/commit/ef0c36aa8114feee80aa696d9cb8106140371243
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-10-20 (Thu, 20 Oct 2016)

  Changed paths:
    M src/doveadm/client-connection.c
    M src/doveadm/doveadm-stats.c
    M src/indexer/indexer-client.c
    M src/lib-auth/auth-master.c
    M src/lib-master/master-login.c
    M src/stats/client.c
    M src/util/script-login.c

  Log Message:
  -----------
  global: Code cleanup - Use t_strsplit_tabescaped() to avoid str_tabunescape()


  Commit: 7a60e1dc9e93ef3f7c7fe1af6385a0bfa1e31bc3
      https://github.com/dovecot/core/commit/7a60e1dc9e93ef3f7c7fe1af6385a0bfa1e31bc3
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-10-20 (Thu, 20 Oct 2016)

  Changed paths:
    M src/anvil/anvil-connection.c
    M src/auth/auth-fields.c
    M src/auth/auth-master-connection.c
    M src/auth/auth-request-handler.c
    M src/auth/passdb-blocking.c
    M src/auth/passdb-cache.c
    M src/config/config-connection.c
    M src/director/director-connection.c
    M src/director/director-test.c
    M src/director/doveadm-connection.c
    M src/director/login-connection.c
    M src/doveadm/doveadm-director.c
    M src/doveadm/doveadm-penalty.c
    M src/doveadm/doveadm-proxy.c
    M src/doveadm/doveadm-replicator.c
    M src/doveadm/doveadm-who.c
    M src/doveadm/dsync/dsync-ibc-stream.c
    M src/indexer/indexer-client.c
    M src/ipc/ipc-connection.c
    M src/lib-auth/auth-master.c
    M src/lib-auth/auth-server-connection.c
    M src/lib-master/master-login-auth.c
    M src/lib-master/master-service-settings.c
    M src/login-common/login-proxy.c
    M src/plugins/push-notification/push-notification-driver-ox.c

  Log Message:
  -----------
  global: Replaced t_strsplit_tab() calls with t_strsplit_tabescaped()

This is useful especially in auth code to support LFs in extra fields.

Other pieces of code were also tab-escaping strings, but never unescaping
them. Usually it didn't matter, because nobody would use the escaped
characters. Still, the code wasn't exactly behaving correctly.

One downside to this change is that it's now possible to pass through TABs,
CRs and LFs through the various protocols. In theory this shouldn't cause
any problems, but combined with other bugs this could trigger some security
problems.


  Commit: e8a936d1e264fa1d161b00ce77e2bfdf4a3b3219
      https://github.com/dovecot/core/commit/e8a936d1e264fa1d161b00ce77e2bfdf4a3b3219
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-10-20 (Thu, 20 Oct 2016)

  Changed paths:
    M src/lib/test-strescape.c

  Log Message:
  -----------
  lib: Added unit tests for string tabescaping.


Compare: https://github.com/dovecot/core/compare/acfda38b75d0...e8a936d1e264

More information about the dovecot-cvs mailing list