From 5b2169951b214e713179a6484a72a41af789d388 Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bosch@dovecot.fi>
Date: Wed, 31 Jan 2018 22:14:49 +0100
Subject: [PATCH] lib-imap-urlauth: Fix segfault occurring when userid part is
 missing for "user+" or "submit+" URLAUTH access.

---
 src/lib-imap-urlauth/imap-urlauth.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/lib-imap-urlauth/imap-urlauth.c b/src/lib-imap-urlauth/imap-urlauth.c
index b4f8ca4cba..39b58d3d72 100644
--- a/src/lib-imap-urlauth/imap-urlauth.c
+++ b/src/lib-imap-urlauth/imap-urlauth.c
@@ -165,6 +165,10 @@ imap_urlauth_check_access(struct imap_urlauth_context *uctx,
 		/* these access types are only allowed if URL is accessed through imap */
 		if (strcasecmp(url->uauth_access_application, "user") == 0) {
 			/* user+<access_user> */
+			if (url->uauth_access_user == NULL) {
+				*error_r = "URLAUTH `user' access is missing userid";
+				return FALSE;
+			}
 			if (!uctx->access_anonymous ||
 				  strcasecmp(url->uauth_access_user, uctx->access_user) == 0)
 				return TRUE;
@@ -189,6 +193,9 @@ imap_urlauth_check_access(struct imap_urlauth_context *uctx,
 				"No '%s%s' access allowed for submission service",
 				url->uauth_access_application, userid);
 			return FALSE;
+		} else if (url->uauth_access_user == NULL) {
+			*error_r = "URLAUTH `submit' access is missing userid";
+			return FALSE;
 		} else if (!uctx->access_anonymous &&
 			strcasecmp(url->uauth_access_user, uctx->access_user) == 0) {
 			return TRUE;