Resolve ticket #38806 (Inadequate validation of authentication data)
Charlie Brady. git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@633 958fd67b-6ff1-0310-b445-bb7760255be9
This commit is contained in:
parent
7c6cbdd000
commit
ff4e92bb4e
@ -27,11 +27,21 @@ sub SASL {
|
|||||||
( $passHash, $user, $passClear ) = split /\x0/,
|
( $passHash, $user, $passClear ) = split /\x0/,
|
||||||
decode_base64($prekey);
|
decode_base64($prekey);
|
||||||
|
|
||||||
|
unless ($user && $passClear) {
|
||||||
|
$session->respond(504, "Invalid authentification string");
|
||||||
|
return DECLINED;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
elsif ($mechanism eq "login") {
|
elsif ($mechanism eq "login") {
|
||||||
|
|
||||||
if ( $prekey ) {
|
if ( $prekey ) {
|
||||||
($passHash, $user, $passClear) = split /\x0/, decode_base64($prekey);
|
( $passHash, $user, $passClear ) = split /\x0/,
|
||||||
|
decode_base64($prekey);
|
||||||
|
|
||||||
|
unless ($user && $passClear) {
|
||||||
|
$session->respond(504, "Invalid authentification string");
|
||||||
|
return DECLINED;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user