mirrors/maddy
1
0
Fork 0
mirror of https://github.com/foxcpp/maddy.git synced 2025-04-05 14:07:38 +03:00
Code Issues Projects Releases Packages Wiki Activity

auth: Actually check SASL identity argument before using it

Browse source 
Fixes GHSA-4g76-w3xw-2x6w.
This commit is contained in:
fox.cpp 2023-03-12 15:43:21 +03:00
parent ac4a75b7d5
commit 9f58cb64b3
No known key found for this signature in database
GPG key ID: 5B991F6215D2FCC0
2 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
internal/auth/sasl.go
View file

@ -81,6 +81,9 @@ func (s *SASLAuth) CreateSASL(mech string, remoteAddr net.Addr, successCb func(i
if identity == "" {
identity = username
}
if identity != username {
return ErrInvalidAuthCred
}
err := s.AuthPlain(username, password)
if err != nil {

4
internal/auth/sasl_test.go
View file

@ -75,13 +75,13 @@ func TestCreateSASL(t *testing.T) {
t.Run("PLAIN with authorization identity", func(t *testing.T) {
srv := a.CreateSASL("PLAIN", &net.TCPAddr{}, func(id string) error {
if id != "user1a" {
if id != "user1" {
t.Fatal("Wrong authorization identity passed:", id)
}
return nil
})
_, _, err := srv.Next([]byte("user1a\x00user1\x00aa"))
_, _, err := srv.Next([]byte("user1\x00user1\x00aa"))
if err != nil {
t.Error("Unexpected error:", err)
}