From ff4e92bb4ec5e3eb36fc33dfad703f5d9bf468b7 Mon Sep 17 00:00:00 2001
From: John Peacock
Date: Fri, 7 Apr 2006 19:21:10 +0000
Subject: [PATCH] Resolve ticket #38806 (Inadequate validation of authentication data) Charlie Brady.

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@633 958fd67b-6ff1-0310-b445-bb7760255be9
---
 lib/Qpsmtpd/Auth.pm | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/Qpsmtpd/Auth.pm b/lib/Qpsmtpd/Auth.pm
index 3ad3fce..6274493 100644
--- a/lib/Qpsmtpd/Auth.pm
+++ b/lib/Qpsmtpd/Auth.pm
@@ -27,11 +27,21 @@ sub SASL {
 ( $passHash, $user, $passClear ) = split /\x0/, decode_base64($prekey);
+ unless ($user && $passClear) {
+ $session->respond(504, "Invalid authentification string");
+ return DECLINED;
+ }
 } elsif ($mechanism eq "login") {
 if ( $prekey ) {
- ($passHash, $user, $passClear) = split /\x0/, decode_base64($prekey);
+ ( $passHash, $user, $passClear ) = split /\x0/,
+ decode_base64($prekey);
+
+ unless ($user && $passClear) {
+ $session->respond(504, "Invalid authentification string");
+ return DECLINED;
+ }
 }
 else {
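Review bot: The added guard `unless ($user && $passClear)` tests Perl truthiness rather than presence, so in both the plain branch and the login initial-response branch a username or password that decodes to the string `0` is rejected as malformed. Testing presence explicitly keeps the intent, which is to stop undefined or empty fields from the decoded string reaching the authentication hooks: `unless (defined $user && length $user && defined $passClear && length $passClear) {`. The same four lines are duplicated in both branches, and the `else` path of the login branch continues outside the hunk, so it is worth confirming that the values read interactively there get the same check; a small private helper would keep the three paths in step. Separately, RFC 2554 assigns 504 to an unrecognized authentication type and 501 to an argument that cannot be decoded, and the reply text has a typo, so `$session->respond(501, "Invalid authentication string");` would describe the failure more accurately.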