[dovecot/core] 9ba5a9: global: Replaced t_strsplit_tab() calls with t_str...

GitHub noreply at github.com
Wed Jul 12 20:00:13 EEST 2017


  Branch: refs/heads/master-2.2
  Home:   https://github.com/dovecot/core
  Commit: 9ba5a9d52127c9319a5d96076ebcf59a1c3135d6
      https://github.com/dovecot/core/commit/9ba5a9d52127c9319a5d96076ebcf59a1c3135d6
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2017-07-12 (Wed, 12 Jul 2017)

  Changed paths:
    M src/anvil/anvil-connection.c
    M src/auth/auth-fields.c
    M src/auth/auth-master-connection.c
    M src/auth/passdb-blocking.c
    M src/auth/passdb-cache.c
    M src/config/config-connection.c
    M src/director/director-connection.c
    M src/director/director-test.c
    M src/director/login-connection.c
    M src/doveadm/doveadm-director.c
    M src/doveadm/doveadm-penalty.c
    M src/doveadm/doveadm-proxy.c
    M src/doveadm/doveadm-replicator.c
    M src/doveadm/doveadm-who.c
    M src/doveadm/dsync/dsync-ibc-stream.c
    M src/ipc/ipc-connection.c
    M src/lib-auth/auth-master.c
    M src/lib-auth/auth-server-connection.c
    M src/lib-master/master-login-auth.c
    M src/lib-master/master-service-settings.c
    M src/login-common/login-proxy.c
    M src/plugins/push-notification/push-notification-driver-ox.c

  Log Message:
  -----------
  global: Replaced t_strsplit_tab() calls with t_strsplit_tabescaped()

This is useful especially in auth code to support LFs in extra fields.

Other pieces of code were also tab-escaping strings, but never unescaping
them. Usually it didn't matter, because nobody would use the escaped
characters. Still, the code wasn't exactly behaving correctly.

One downside to this change is that it's now possible to pass through TABs,
CRs and LFs through the various protocols. In theory this shouldn't cause
any problems, but combined with other bugs this could trigger some security
problems.
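The receiving side of the change described in the log message, as an added example that is not Dovecot's code: `tab_unescape`, `split_tab` and `demo` are hypothetical names, the wire line is constructed, and the escape format (byte 0x01 followed by `t`, `n`, `r` or `1`) is an assumption not stated in the commit message. It contrasts splitting on TAB only with splitting and then unescaping each field.

```c
#include <stdio.h>
#include <string.h>

/* Assumed escape format (not stated on the page): byte 0x01 starts an escape,
 * followed by 't' (TAB), 'n' (LF), 'r' (CR) or '1' (0x01 itself). */
static const char RAW[] = "\001\t\r\n", ESC[] = "1trn";

static void tab_unescape(char *s) /* in place: output never grows */
{
    char *d = s;
    for (; *s != '\0'; s++) {
        if (*s != '\001') { *d++ = *s; continue; }
        if (*++s == '\0') break; /* dangling escape byte is dropped */
        const char *p = strchr(ESC, *s);
        *d++ = p != NULL ? RAW[p - ESC] : *s; /* unknown escape: keep byte */
    }
    *d = '\0';
}

/* Split on raw TABs first, then optionally unescape each field. */
static int split_tab(char *line, char **f, int max, int unescape)
{
    int n = 0;
    for (char *tab; n < max; line = tab + 1) {
        if ((tab = strchr(line, '\t')) != NULL) *tab = '\0';
        f[n++] = line;
        if (tab == NULL) break;
    }
    for (int i = 0; unescape && i < n; i++) tab_unescape(f[i]);
    return n;
}

/* Constructed wire line: field "note" carries an escaped LF and TAB. */
static int demo(int unescape, char *value, size_t size)
{
    char line[] = "note=a\001nb\001tc\tuid=1000";
    char *f[4];
    int n = split_tab(line, f, 4, unescape);
    snprintf(value, size, "%s", f[0] + 5); /* skip "note=" */
    return n;
}

int main(void)
{
    char v[32];
    int n = demo(1, v, sizeof(v));
    printf("fields=%d LF restored=%s\n", n, strchr(v, '\n') ? "yes" : "no");
    return 0;
}
```

Both modes yield two fields, but only the unescaping split hands back a value containing a real LF and TAB, so any code that writes that value onto another line-based protocol has to escape it again.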



