[PATCH 2/3] imap-acl: Fail if ACL identifier is invalid
author Timo Sirainen <timo.sirainen@open-xchange.com>
Wed, 22 Apr 2026 12:44:24 +0000 (15:44 +0300)
committer Noah Meyerhans <noahm@debian.org>
Mon, 18 May 2026 20:03:51 +0000 (16:03 -0400)
commit 252f3775b53674afb344e830a9718a83c4453069
tree dd0983f9cba70b78cc47e6fad908ac5a87d1e039
parent 3f63b712f83e35e707a845bdebb73187966518aa
[PATCH 2/3] imap-acl: Fail if ACL identifier is invalid

Reject invalid identifiers early in imap_acl_identifier_parse() using
acl_id_is_valid(). This prevents CR/LF injection and rejects identifiers
that are too long, contain control characters or are not valid UTF-8.

Gbp-Pq: Name CVE-2026-40020-2.patch
src/plugins/imap-acl/imap-acl-plugin.c
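
One way to implement the checks the commit message lists (length limit, control characters including CR/LF, UTF-8 validity). This is an added example, not code from the patch or from Dovecot; `example_acl_id_is_valid()`, `example_utf8_seq()`, the 255-byte limit and the treatment of C1 controls as control characters are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Assumed limit for this example; the page does not state the real one. */
#define EXAMPLE_ACL_ID_MAX_LEN 255

/* Decode one UTF-8 sequence at p (n bytes left). Returns its length,
   or 0 if it is truncated, overlong, a surrogate or above U+10FFFF. */
static size_t example_utf8_seq(const unsigned char *p, size_t n,
			       unsigned long *cp_r)
{
	static const unsigned long min_cp[] = { 0, 0, 0x80, 0x800, 0x10000 };
	size_t len, i;
	unsigned long cp;
	if (p[0] < 0x80) { *cp_r = p[0]; return 1; }
	else if ((p[0] & 0xe0) == 0xc0) { len = 2; cp = p[0] & 0x1f; }
	else if ((p[0] & 0xf0) == 0xe0) { len = 3; cp = p[0] & 0x0f; }
	else if ((p[0] & 0xf8) == 0xf0) { len = 4; cp = p[0] & 0x07; }
	else return 0; /* stray continuation byte or 0xf8..0xff */
	if (len > n)
		return 0;
	for (i = 1; i < len; i++) {
		if ((p[i] & 0xc0) != 0x80)
			return 0;
		cp = (cp << 6) | (p[i] & 0x3f);
	}
	if (cp < min_cp[len] || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff))
		return 0;
	*cp_r = cp;
	return len;
}

/* Hypothetical stand-in for the validity check the commit message names. */
bool example_acl_id_is_valid(const char *id)
{
	const unsigned char *p = (const unsigned char *)id;
	size_t n = strlen(id), len;
	unsigned long cp;
	if (n > EXAMPLE_ACL_ID_MAX_LEN)
		return false;
	for (; n > 0; p += len, n -= len) {
		len = example_utf8_seq(p, n, &cp);
		/* C0 controls (CR and LF included), DEL and C1 controls */
		if (len == 0 || cp < 0x20 || (cp >= 0x7f && cp <= 0x9f))
			return false;
	}
	return true;
}
```

Running the check before the identifier is parsed any further means a value carrying CR or LF is refused as a whole rather than being passed on with the line break intact.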