From: Timo Sirainen
Date: Wed, 22 Apr 2026 12:44:24 +0000 (+0300)
Subject: [PATCH 2/3] imap-acl: Fail if ACL identifier is invalid
X-Git-Tag: archive/raspbian/1%2.4.1+dfsg1-6+rpi1+deb13u6^2~3
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=252f3775b53674afb344e830a9718a83c4453069;p=dovecot.git

[PATCH 2/3] imap-acl: Fail if ACL identifier is invalid

Reject invalid identifiers early in imap_acl_identifier_parse() using acl_id_is_valid(). This prevents CR/LF injection and rejects identifiers that are too long, contain control characters or are not valid UTF-8.

Gbp-Pq: Name CVE-2026-40020-2.patch
---
diff --git a/src/plugins/imap-acl/imap-acl-plugin.c b/src/plugins/imap-acl/imap-acl-plugin.c
index df403d0..20fe134 100644
--- a/src/plugins/imap-acl/imap-acl-plugin.c
+++ b/src/plugins/imap-acl/imap-acl-plugin.c
@@ -872,6 +872,11 @@ imap_acl_identifier_parse(struct client_command_context *cmd,
 allow_anyone = set->allow_anyone;
 settings_free(set);
 
+ if (!acl_id_is_valid(id)) {
+ *client_error_r = "Invalid identifier";
+ return -1;
+ }
+
 if (str_begins_with(id, IMAP_ACL_GLOBAL_PREFIX)) {
 *client_error_r = t_strdup_printf(
 "Global ACLs can't be modified: %s", id);
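Review bot: The new `acl_id_is_valid(id)` guard sits after the settings lookup (`allow_anyone = set->allow_anyone; settings_free(set);`), so a client-supplied identifier still costs a settings fetch before it is rejected; if `id` is already in hand where imap_acl_identifier_parse() begins (its start is outside this hunk), the check can move ahead of that lookup so nothing is done on behalf of an identifier that will be refused. Returning the bare `"Invalid identifier"` string rather than echoing `id`, as the global-ACL branch below does with `%s`, is the right choice, since the echo is exactly where an unvalidated CR/LF would land; the reason deserves a comment on the new block, e.g. `/* Reject CR/LF, control chars, over-long and non-UTF-8 ids before anything echoes or stores them (CVE-2026-40020); do not echo id here */`. Because acl_id_is_valid() is not shown, I cannot confirm it also rejects an empty identifier; if it does not, that case presumably remains with whatever handling follows in the function.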