Gitweb:
https://git.exim.org/exim.git/commitdiff/6723707404c72285565457b58c62afc6f1a9d36a
Commit: 6723707404c72285565457b58c62afc6f1a9d36a
Parent: 2acd1e740c9e2797adc10516fe95a177be38e741
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Fri Oct 25 15:23:09 2024 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Fri Oct 25 16:04:00 2024 +0100
Do not permit change-of-separator for pam/radius expansion conditions
---
src/src/auths/call_pwcheck.c | 5 ++---
src/src/auths/cyrus_sasl.c | 8 ++++----
src/src/miscmods/pam.c | 6 +++---
src/src/miscmods/radius.c | 2 +-
4 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/src/src/auths/call_pwcheck.c b/src/src/auths/call_pwcheck.c
index 88f708f62..5903d696e 100644
--- a/src/src/auths/call_pwcheck.c
+++ b/src/src/auths/call_pwcheck.c
@@ -37,10 +37,9 @@ Returns: OK if authentication succeeded
int
auth_call_pwcheck(uschar *s, uschar **errptr)
{
-uschar *reply = NULL;
-uschar *pw = Ustrrchr(s, ':');
+uschar * reply = NULL, * pw = Ustrrchr(s, ':');
-if (pw == NULL)
+if (!pw)
{
*errptr = US"pwcheck: malformed input - missing colon";
return ERROR;
diff --git a/src/src/auths/cyrus_sasl.c b/src/src/auths/cyrus_sasl.c
index ed0995637..3b16ebcc9 100644
--- a/src/src/auths/cyrus_sasl.c
+++ b/src/src/auths/cyrus_sasl.c
@@ -111,7 +111,7 @@ auth_cyrus_sasl_init(driver_instance * a)
auth_instance * ablock = (auth_instance *)a;
auth_cyrus_sasl_options_block * ob = a->options_block;
const uschar *list, *listptr, *buffer;
-int rc, i;
+int rc, sep;
unsigned int len;
rmark rs_point;
uschar *expanded_hostname;
@@ -153,11 +153,11 @@ if ((rc = sasl_server_new(CS ob->server_service, CS expanded_hostname,
log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: "
"couldn't initialise Cyrus SASL server connection.", a->name);
-if ((rc = sasl_listmech(conn, NULL, "", ":", "", CCSS &list, &len, &i)) != SASL_OK)
+if ((rc = sasl_listmech(conn, NULL, "", ":", "", CCSS &list, &len, NULL)) != SASL_OK)
log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: "
"couldn't get Cyrus SASL mechanism list.", a->name);
-i = ':';
+sep = ':';
listptr = list;
HDEBUG(D_auth)
@@ -176,7 +176,7 @@ rs_point = store_mark();
/* loop until either we get to the end of the list, or we match the
public name of this authenticator */
-while ( (buffer = string_nextinlist(&listptr, &i, NULL, 0))
+while ( (buffer = string_nextinlist(&listptr, &sep, NULL, 0))
&& strcmpic(buffer,ob->server_mech) );
if (!buffer)
diff --git a/src/src/miscmods/pam.c b/src/src/miscmods/pam.c
index 1c94cc29f..1d391593a 100644
--- a/src/src/miscmods/pam.c
+++ b/src/src/miscmods/pam.c
@@ -120,7 +120,7 @@ return PAM_SUCCESS;
more data strings.
Arguments:
- s a colon-separated list of strings
+ s a (not-changeable-colon)-separated list of strings
errptr where to point an error message
Returns: OK if authentication succeeded
@@ -129,12 +129,12 @@ Returns: OK if authentication succeeded
*/
static int
-auth_call_pam(const uschar *s, uschar **errptr)
+auth_call_pam(const uschar * s, uschar ** errptr)
{
pam_handle_t *pamh = NULL;
struct pam_conv pamc;
int pam_error;
-int sep = 0;
+int sep = ':'; /* Do not permit change-of-separator */
uschar *user;
/* Set up the input data structure: the address of the conversation function,
diff --git a/src/src/miscmods/radius.c b/src/src/miscmods/radius.c
index b52c06ec1..8e784438b 100644
--- a/src/src/miscmods/radius.c
+++ b/src/src/miscmods/radius.c
@@ -73,7 +73,7 @@ auth_call_radius(const uschar *s, uschar **errptr)
uschar *user;
const uschar *radius_args = s;
int result;
-int sep = 0;
+int sep = ':';
#ifdef RADIUS_LIB_RADLIB
struct rad_handle *h;
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
