diff src/mail/ngx_mail_handler.c @ 316:24def6198d7f NGINX_0_5_28

nginx 0.5.28 *) Security: the "msie_refresh" directive allowed XSS. Thanks to Maxim Boguk. *) Bugfix: a segmentation fault might occur in worker process if the "auth_http_header" directive was used. Thanks to Maxim Dounin. *) Bugfix: a segmentation fault occurred in worker process if the CRAM-MD5 authentication method was used, but it was not enabled. *) Bugfix: a segmentation fault might occur in worker process if the eventport method was used.
author Igor Sysoev <http://sysoev.ru>
date Tue, 17 Jul 2007 00:00:00 +0400
parents 2ceaee987f37
children 7cf404023f50
--- a/src/mail/ngx_mail_handler.c
+++ b/src/mail/ngx_mail_handler.c
@@ -708,7 +708,10 @@ ngx_pop3_auth_state(ngx_event_t *rev)
                                               (u_char *) "CRAM-MD5", 8)
                               == 0)
                 {
-                    if (s->args.nelts != 1) {
+                    if (!(cscf->pop3_auth_methods
+                          & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
+                        || s->args.nelts != 1)
+                    {
                         rc = NGX_MAIL_PARSE_INVALID_COMMAND;
                         break;
                     }
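Review bot: The added test dereferences `cscf` in the POP3 CRAM-MD5 branch, but nothing in this hunk assigns it, whereas the SMTP hunk below calls `ngx_mail_get_module_srv_conf()` immediately before its own test. ngx_pop3_auth_state starts outside the hunk, so `cscf` is presumably set earlier in the function. It is worth confirming that it is assigned on every path that reaches this branch, otherwise the guard could itself read through an unset pointer. I would also add a comment above the condition, e.g. `/* reject AUTH CRAM-MD5 unless the method is enabled for this server */`, because the reason for the flag test is currently recorded only in the changelog.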
@@ -1368,7 +1371,13 @@ ngx_smtp_auth_state(ngx_event_t *rev)
                                               (u_char *) "CRAM-MD5", 8)
                               == 0)
                 {
-                    if (s->args.nelts != 1) {
+                    cscf = ngx_mail_get_module_srv_conf(s,
+                                                        ngx_mail_core_module);
+
+                    if (!(cscf->smtp_auth_methods
+                          & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
+                        || s->args.nelts != 1)
+                    {
                         rc = NGX_MAIL_PARSE_INVALID_COMMAND;
                         break;
                     }
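Review bot: A client that requests the disabled mechanism gets the same `NGX_MAIL_PARSE_INVALID_COMMAND` result as one that sends a malformed AUTH line, so nothing visible in this hunk records which of the two conditions fired. This branch handles an AUTH command, so it is reachable before authentication, and the changelog says the unguarded path crashed the worker. Testing the `NGX_MAIL_AUTH_CRAM_MD5_ENABLED` flag in its own `if` and logging that case at info level would let operators see requests for a mechanism the server does not offer. The rest of ngx_smtp_auth_state lies outside the hunk, so an existing log call after the `break` cannot be ruled out; the same point applies to the POP3 hunk above.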