From: Timo Sirainen Date: Wed, 22 Apr 2026 12:43:58 +0000 (+0300) Subject: [PATCH 1/3] acl: Add acl_id_is_valid() X-Git-Tag: archive/raspbian/1%2.4.1+dfsg1-6+rpi1+deb13u6^2~4 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3f63b712f83e35e707a845bdebb73187966518aa;p=dovecot.git [PATCH 1/3] acl: Add acl_id_is_valid() Returns TRUE if the ACL identifier string is at most ACL_ID_MAX_LEN (1024) bytes long, contains no control characters and is valid UTF-8. Gbp-Pq: Name CVE-2026-40020-1.patch --- diff --git a/src/plugins/acl/acl-rights.c b/src/plugins/acl/acl-rights.c index f04c96b..639bc46 100644 --- a/src/plugins/acl/acl-rights.c +++ b/src/plugins/acl/acl-rights.c @@ -3,11 +3,14 @@ #include "lib.h" #include "array.h" #include "str.h" +#include "unichar.h" /* */ #include "strescape.h" /* */ #include "acl-api-private.h" +#include + /* */ const struct acl_letter_map acl_letter_map[] = { { 'l', MAIL_ACL_LOOKUP }, @@ -44,6 +47,19 @@ static_assert(N_ELEMENTS(acl_letter_map) == N_ELEMENTS(all_mailbox_rights), /* */ +bool acl_id_is_valid(const char *id) +{ + size_t len = strlen(id); + + if (len > ACL_ID_MAX_LEN) + return FALSE; + for (size_t i = 0; i < len; i++) { + if (i_iscntrl(id[i])) + return FALSE; + } + return uni_utf8_data_is_valid((const unsigned char *)id, len); +} + void acl_rights_write_id(string_t *dest, const struct acl_rights *right) { switch (right->id_type) { diff --git a/src/plugins/acl/acl-rights.h b/src/plugins/acl/acl-rights.h index 88ef73e..32163e7 100644 --- a/src/plugins/acl/acl-rights.h +++ b/src/plugins/acl/acl-rights.h @@ -34,6 +34,8 @@ #define ACL_ID_NAME_GROUP_PREFIX "group=" #define ACL_ID_NAME_GROUP_OVERRIDE_PREFIX "group-override=" +#define ACL_ID_MAX_LEN 1024 + struct acl_letter_map { const char letter; const char *name; @@ -104,6 +106,10 @@ struct acl_rights_update { time_t last_change; }; +/* Returns TRUE if the ACL identifier string is valid: no longer than + ACL_ID_MAX_LEN bytes, no control characters and valid UTF-8. */ +bool acl_id_is_valid(const char *id); + /* Returns the canonical ID for the right. */ const char *acl_rights_get_id(const struct acl_rights *right);