auth-worker: Fix potential crash when importing passdb/userdb fields …

…without value. These were being converted to NULL values in auth-worker, while elsewhere they were converted to "". Changed to "" here as well and added asserts to make sure they won't happen again. Most of the NULL values would have been fine, but overriding any IP/port fields would have caused a crash when trying to parse the value.
dovecot · Oct 28, 2016 · 026d971 · 026d971
1 parent 2c96c51
commit 026d971
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
@@ -356,6 +356,8 @@ void auth_request_export(struct auth_request *request, string_t *dest)
 bool auth_request_import_info(struct auth_request *request,
 			      const char *key, const char *value)
 {
+	i_assert(value != NULL);
+
 	/* authentication and user lookups may set these */
 	if (strcmp(key, "service") == 0)
 		request->service = p_strdup(request->pool, value);
@@ -399,6 +401,8 @@ bool auth_request_import_info(struct auth_request *request,
 bool auth_request_import_auth(struct auth_request *request,
 			      const char *key, const char *value)
 {
+	i_assert(value != NULL);
+
 	if (auth_request_import_info(request, key, value))
 		return TRUE;
 
@@ -429,6 +433,8 @@ bool auth_request_import_master(struct auth_request *request,
 {
 	pid_t pid;
 
+	i_assert(value != NULL);
+
 	/* master request lookups may set these */
 	if (strcmp(key, "session_pid") == 0) {
 		if (str_to_pid(value, &pid) == 0)
@@ -443,6 +449,8 @@ bool auth_request_import_master(struct auth_request *request,
 bool auth_request_import(struct auth_request *request,
 			 const char *key, const char *value)
 {
+	i_assert(value != NULL);
+
 	if (auth_request_import_auth(request, key, value))
 		return TRUE;
 

diff --git a/src/auth/auth-worker-client.c b/src/auth/auth-worker-client.c
@@ -92,7 +92,7 @@ worker_auth_request_new(struct auth_worker_client *client, unsigned int id,
 	for (; *args != NULL; args++) {
 		value = strchr(*args, '=');
 		if (value == NULL)
-			(void)auth_request_import(auth_request, *args, NULL);
+			(void)auth_request_import(auth_request, *args, "");
 		else {
 			key = t_strdup_until(*args, value++);
 			(void)auth_request_import(auth_request, key, value);