[PATCH 2 of 7] Mail: add IMAP client ID value to mail auth script
Maxim Dounin
mdounin at mdounin.ru
Fri Jan 17 04:07:39 UTC 2014
Hello!
On Tue, Jan 14, 2014 at 12:54:19PM +0100, Filipe da Silva wrote:
> # HG changeset patch
> # User Filipe da Silva <fdasilvayy at gmail.com>
> # Date 1389700230 -3600
> # Tue Jan 14 12:50:30 2014 +0100
> # Node ID ece46b257e8d31a1a7a81bf5fcdd0271c1dc2318
> # Parent 0ff28c3c519125db11ae3c56fbf34a7a5975a452
> Mail: add IMAP client ID value to mail auth script.
>
> diff -r 0ff28c3c5191 -r ece46b257e8d src/mail/ngx_mail_auth_http_module.c
> --- a/src/mail/ngx_mail_auth_http_module.c Tue Jan 14 12:50:10 2014 +0100
> +++ b/src/mail/ngx_mail_auth_http_module.c Tue Jan 14 12:50:30 2014 +0100
> @@ -1176,6 +1176,11 @@
> + ahcf->header.len
> + sizeof(CRLF) - 1;
>
> + if (s->protocol == NGX_MAIL_IMAP_PROTOCOL) {
> + len += sizeof("Client-IMAP-ID: ") - 1
> + + s->imap_client_id.len + sizeof(CRLF) - 1;
> + }
> +
Auth-IMAP-ID would be more in-line with other names used.
> b = ngx_create_temp_buf(pool, len);
> if (b == NULL) {
> return NULL;
> @@ -1254,6 +1259,13 @@
> *b->last++ = CR; *b->last++ = LF;
>
> }
> + if (s->protocol == NGX_MAIL_IMAP_PROTOCOL) {
> + b->last = ngx_cpymem(b->last, "Client-IMAP-ID: ",
> + sizeof("Client-IMAP-ID: ") - 1);
> + b->last = ngx_copy(b->last,
> + s->imap_client_id.data, s->imap_client_id.len);
> + *b->last++ = CR; *b->last++ = LF;
> + }
This will create a security hole, as ID parameters
may contain anything.
>
> if (ahcf->header.len) {
> b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len);
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list