Resolve ticket #38806 (Inadequate validation of authentication data)

Charlie Brady.

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@633 958fd67b-6ff1-0310-b445-bb7760255be9
This commit is contained in:
John Peacock 2006-04-07 19:21:10 +00:00
parent 7c6cbdd000
commit ff4e92bb4e

View File

@ -27,11 +27,21 @@ sub SASL {
( $passHash, $user, $passClear ) = split /\x0/, ( $passHash, $user, $passClear ) = split /\x0/,
decode_base64($prekey); decode_base64($prekey);
unless ($user && $passClear) {
$session->respond(504, "Invalid authentification string");
return DECLINED;
}
} }
elsif ($mechanism eq "login") { elsif ($mechanism eq "login") {
if ( $prekey ) { if ( $prekey ) {
($passHash, $user, $passClear) = split /\x0/, decode_base64($prekey); ( $passHash, $user, $passClear ) = split /\x0/,
decode_base64($prekey);
unless ($user && $passClear) {
$session->respond(504, "Invalid authentification string");
return DECLINED;
}
} }
else { else {