Mercurial > hg > nginx
comparison src/mail/ngx_mail_parse.c @ 9287:32d4582c484d
Mail: fixed EXTERNAL to be accepted only if enabled.
As originally implemented in 6774:bcb107bb89cd, it wasn't possible to
disable the EXTERNAL authentication method: it was always accepted
(but not advertised unless enabled). It is, however, believed that
it is better to reject attempts to use the disabled method, hence in
6869:b2915d99ee8d an attempt was made to address this. This attempt
was insufficient though: it was still possible to use the method as long
as initial SASL response was used.
With this patch both challenge-response and initial response forms are
disabled. Additionally, initial response handling for the PLAIN
authentication is removed from ngx_mail_auth_parse(), for consistency
and to don't provoke such bugs.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 03 Jun 2024 18:03:05 +0300 |
parents | b38728495e1a |
children | 20017bff0de8 |
comparison
equal
deleted
inserted
replaced
9286:d9fe808c1841 | 9287:32d4582c484d |
---|---|
932 return NGX_MAIL_PARSE_INVALID_COMMAND; | 932 return NGX_MAIL_PARSE_INVALID_COMMAND; |
933 } | 933 } |
934 | 934 |
935 if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", 5) == 0) { | 935 if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", 5) == 0) { |
936 | 936 |
937 if (s->args.nelts == 1) { | 937 if (s->args.nelts == 1 || s->args.nelts == 2) { |
938 return NGX_MAIL_AUTH_PLAIN; | 938 return NGX_MAIL_AUTH_PLAIN; |
939 } | 939 } |
940 | 940 |
941 if (s->args.nelts == 2) { | 941 return NGX_MAIL_PARSE_INVALID_COMMAND; |
942 return ngx_mail_auth_plain(s, c, 1); | |
943 } | |
944 } | 942 } |
945 | 943 |
946 return NGX_MAIL_PARSE_INVALID_COMMAND; | 944 return NGX_MAIL_PARSE_INVALID_COMMAND; |
947 } | 945 } |
948 | 946 |
957 return NGX_MAIL_AUTH_CRAM_MD5; | 955 return NGX_MAIL_AUTH_CRAM_MD5; |
958 } | 956 } |
959 | 957 |
960 if (ngx_strncasecmp(arg[0].data, (u_char *) "EXTERNAL", 8) == 0) { | 958 if (ngx_strncasecmp(arg[0].data, (u_char *) "EXTERNAL", 8) == 0) { |
961 | 959 |
962 if (s->args.nelts == 1) { | 960 if (s->args.nelts == 1 || s->args.nelts == 2) { |
963 return NGX_MAIL_AUTH_EXTERNAL; | 961 return NGX_MAIL_AUTH_EXTERNAL; |
964 } | 962 } |
965 | 963 |
966 if (s->args.nelts == 2) { | 964 return NGX_MAIL_PARSE_INVALID_COMMAND; |
967 return ngx_mail_auth_external(s, c, 1); | |
968 } | |
969 } | 965 } |
970 | 966 |
971 return NGX_MAIL_PARSE_INVALID_COMMAND; | 967 return NGX_MAIL_PARSE_INVALID_COMMAND; |
972 } | 968 } |
973 | 969 |