nginx: src/mail/ngx_mail_imap_handler.c comparison

comparison src/mail/ngx_mail_imap_handler.c @ 9287:32d4582c484d

Mail: fixed EXTERNAL to be accepted only if enabled. As originally implemented in 6774:bcb107bb89cd, it wasn't possible to disable the EXTERNAL authentication method: it was always accepted (but not advertised unless enabled). It is, however, believed that it is better to reject attempts to use the disabled method, hence in 6869:b2915d99ee8d an attempt was made to address this. This attempt was insufficient though: it was still possible to use the method as long as initial SASL response was used. With this patch both challenge-response and initial response forms are disabled. Additionally, initial response handling for the PLAIN authentication is removed from ngx_mail_auth_parse(), for consistency and to don't provoke such bugs.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Mon, 03 Jun 2024 18:03:05 +0300
parents	d7fd0acdea64
children	4538c1ffb0f8

comparison

equal deleted inserted replaced

-:d9fe808c1841
+:32d4582c484d
 return ngx_mail_auth_login_username(s, c, 1);
 case NGX_MAIL_AUTH_PLAIN:
+if (s->args.nelts == 2) {
+return ngx_mail_auth_plain(s, c, 1);
+}
 ngx_str_set(&s->out, imap_plain_next);
 s->mail_state = ngx_imap_auth_plain;
 return NGX_OK;
 case NGX_MAIL_AUTH_EXTERNAL:
 if (!(iscf->auth_methods & NGX_MAIL_AUTH_EXTERNAL_ENABLED)) {
 return NGX_MAIL_PARSE_INVALID_COMMAND;
+}
+if (s->args.nelts == 2) {
+return ngx_mail_auth_external(s, c, 1);
 }
 ngx_str_set(&s->out, imap_username);
 s->mail_state = ngx_imap_auth_external;

Mercurial > hg > nginx

comparison src/mail/ngx_mail_imap_handler.c @ 9287:32d4582c484d