[exim-cvs] Do not permit change-of-separator for pam/radius …

Góra strony
Delete this message
Reply to this message
Autor: Exim Git Commits Mailing List
Data:  
Dla: exim-cvs
Temat: [exim-cvs] Do not permit change-of-separator for pam/radius expansion conditions
Gitweb: https://git.exim.org/exim.git/commitdiff/6723707404c72285565457b58c62afc6f1a9d36a
Commit:     6723707404c72285565457b58c62afc6f1a9d36a
Parent:     2acd1e740c9e2797adc10516fe95a177be38e741
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Fri Oct 25 15:23:09 2024 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Fri Oct 25 16:04:00 2024 +0100


    Do not permit change-of-separator for pam/radius expansion conditions
---
 src/src/auths/call_pwcheck.c | 5 ++---
 src/src/auths/cyrus_sasl.c   | 8 ++++----
 src/src/miscmods/pam.c       | 6 +++---
 src/src/miscmods/radius.c    | 2 +-
 4 files changed, 10 insertions(+), 11 deletions(-)


diff --git a/src/src/auths/call_pwcheck.c b/src/src/auths/call_pwcheck.c
index 88f708f62..5903d696e 100644
--- a/src/src/auths/call_pwcheck.c
+++ b/src/src/auths/call_pwcheck.c
@@ -37,10 +37,9 @@ Returns: OK if authentication succeeded
int
auth_call_pwcheck(uschar *s, uschar **errptr)
{
-uschar *reply = NULL;
-uschar *pw = Ustrrchr(s, ':');
+uschar * reply = NULL, * pw = Ustrrchr(s, ':');

-if (pw == NULL)
+if (!pw)
   {
   *errptr = US"pwcheck: malformed input - missing colon";
   return ERROR;
diff --git a/src/src/auths/cyrus_sasl.c b/src/src/auths/cyrus_sasl.c
index ed0995637..3b16ebcc9 100644
--- a/src/src/auths/cyrus_sasl.c
+++ b/src/src/auths/cyrus_sasl.c
@@ -111,7 +111,7 @@ auth_cyrus_sasl_init(driver_instance * a)
 auth_instance * ablock = (auth_instance *)a;
 auth_cyrus_sasl_options_block * ob = a->options_block;
 const uschar *list, *listptr, *buffer;
-int rc, i;
+int rc, sep;
 unsigned int len;
 rmark rs_point;
 uschar *expanded_hostname;
@@ -153,11 +153,11 @@ if ((rc = sasl_server_new(CS ob->server_service, CS expanded_hostname,
   log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator:  "
       "couldn't initialise Cyrus SASL server connection.", a->name);


-if ((rc = sasl_listmech(conn, NULL, "", ":", "", CCSS &list, &len, &i)) != SASL_OK)
+if ((rc = sasl_listmech(conn, NULL, "", ":", "", CCSS &list, &len, NULL)) != SASL_OK)
   log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator:  "
       "couldn't get Cyrus SASL mechanism list.", a->name);


-i = ':';
+sep = ':';
listptr = list;

HDEBUG(D_auth)
@@ -176,7 +176,7 @@ rs_point = store_mark();
/* loop until either we get to the end of the list, or we match the
public name of this authenticator */

-while (  (buffer = string_nextinlist(&listptr, &i, NULL, 0))
+while (  (buffer = string_nextinlist(&listptr, &sep, NULL, 0))
       && strcmpic(buffer,ob->server_mech) );


if (!buffer)
diff --git a/src/src/miscmods/pam.c b/src/src/miscmods/pam.c
index 1c94cc29f..1d391593a 100644
--- a/src/src/miscmods/pam.c
+++ b/src/src/miscmods/pam.c
@@ -120,7 +120,7 @@ return PAM_SUCCESS;
more data strings.

 Arguments:
-  s        a colon-separated list of strings
+  s        a (not-changeable-colon)-separated list of strings
   errptr   where to point an error message


Returns: OK if authentication succeeded
@@ -129,12 +129,12 @@ Returns: OK if authentication succeeded
*/

 static int
-auth_call_pam(const uschar *s, uschar **errptr)
+auth_call_pam(const uschar * s, uschar ** errptr)
 {
 pam_handle_t *pamh = NULL;
 struct pam_conv pamc;
 int pam_error;
-int sep = 0;
+int sep = ':';    /* Do not permit change-of-separator */
 uschar *user;


/* Set up the input data structure: the address of the conversation function,
diff --git a/src/src/miscmods/radius.c b/src/src/miscmods/radius.c
index b52c06ec1..8e784438b 100644
--- a/src/src/miscmods/radius.c
+++ b/src/src/miscmods/radius.c
@@ -73,7 +73,7 @@ auth_call_radius(const uschar *s, uschar **errptr)
uschar *user;
const uschar *radius_args = s;
int result;
-int sep = 0;
+int sep = ':';

#ifdef RADIUS_LIB_RADLIB
struct rad_handle *h;

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/