From: Timo Sirainen
Date: Tue, 24 Feb 2026 10:26:46 +0000 (+0200)
Subject: [PATCH 10/24] auth: userdb sql - Fix escaping for user iteration
X-Git-Tag: archive/raspbian/1%2.4.1+dfsg1-6+rpi1+deb13u4^2~16
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=81a1a45454a1043c38bce8a25d5b52693f644c40;p=dovecot.git
[PATCH 10/24] auth: userdb sql - Fix escaping for user iteration
This is mostly a non-issue, since userdb iteration doesn't take any untrusted input.
Broken by ef0c63b690e6ef9fbd53cb815dfab50d1667ba3a
Gbp-Pq: Name CVE-2026-24031-27860-7.patch
---
diff --git a/src/auth/userdb-sql.c b/src/auth/userdb-sql.c
index 349f61c..09bac48 100644
--- a/src/auth/userdb-sql.c
+++ b/src/auth/userdb-sql.c
@@ -180,9 +180,13 @@ userdb_sql_iterate_init(struct auth_request *auth_request,
 ctx->ctx.context = context;
 auth_request_ref(auth_request);
- if (settings_get(authdb_event(auth_request),
- &userdb_sql_setting_parser_info, 0,
- &set, &error) < 0) {
+ const struct settings_get_params params = {
+ .escape_func = userdb_sql_escape,
+ .escape_context = module->db,
+ };
+ if (settings_get_params(authdb_event(auth_request),
+ &userdb_sql_setting_parser_info, ¶ms,
+ &set, &error) < 0) {
 e_error(authdb_event(auth_request), "%s", error);
 ctx->ctx.failed = TRUE;
 return &ctx->ctx;
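Review bot: The new `params` initializer in userdb_sql_iterate_init carries no comment explaining why the escape callback is mandatory, although the commit message records that an earlier refactor (ef0c63b…) already dropped it unnoticed. I would add above it `/* Settings expanded here end up in the SQL iteration query, so they must pass through the driver's escaper; do not fall back to plain settings_get(). */` so the next cleanup does not regress it, even though iteration is described as taking no untrusted input. The function starts and ends outside the hunk, so `module` and whether `module->db` is already initialised at this point cannot be confirmed from the visible lines. The `¶ms` argument shown on the page looks like an entity-decoding artefact of `&params` and should be read that way.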