rpms / dovecot

Clone
Source Code
GIT

Blame SOURCES/dovecot-2.2.36-cve_2019_3814part3of3.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   ae961a9361a3b8e5288455c39f8ebb892674112a
  2.   SOURCES
  3.   dovecot-2.2.36-cve_2019_3814part3of3.patch
Blob History Raw
ae961a 
From e5d428297d70e3ac8b6dfce7e0de182b86825082 Mon Sep 17 00:00:00 2001
ae961a 
From: Aki Tuomi <aki.tuomi@open-xchange.com>
ae961a 
Date: Wed, 16 Jan 2019 18:28:57 +0200
ae961a 
Subject: [PATCH] auth: Do not import empty certificate username
ae961a
ae961a 
---
ae961a 
 src/auth/auth-request.c | 2 +-
ae961a 
 1 file changed, 1 insertion(+), 1 deletion(-)
ae961a
ae961a 
diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
ae961a 
index dd288b6d23..1cb665ec8c 100644
ae961a 
--- a/src/auth/auth-request.c
ae961a 
+++ b/src/auth/auth-request.c
ae961a 
@@ -445,7 +445,7 @@ bool auth_request_import_auth(struct auth_request *request,
ae961a 
 	else if (strcmp(key, "valid-client-cert") == 0)
ae961a 
 		request->valid_client_cert = TRUE;
ae961a 
 	else if (strcmp(key, "cert_username") == 0) {
ae961a 
-		if (request->set->ssl_username_from_cert) {
ae961a 
+		if (request->set->ssl_username_from_cert && *value != '\0') {
ae961a 
 			/* get username from SSL certificate. it overrides
ae961a 
 			   the username given by the auth mechanism. */
ae961a 
 			request->user = p_strdup(request->pool, value);

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation