From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Wed, 22 Apr 2026 12:45:00 +0000 (+0300)
Subject: [PATCH 3/3] acl: Assert-crash if ACL identifier is invalid before writing it
X-Git-Tag: archive/raspbian/1%2.4.1+dfsg1-6+rpi1+deb13u6^2~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=83e00a53449ac9118181f808dc8f4e08e789950f;p=dovecot.git

[PATCH 3/3] acl: Assert-crash if ACL identifier is invalid before writing it

It should have been checked earlier already.

Gbp-Pq: Name CVE-2026-40020-3.patch
---

diff --git a/src/plugins/acl/acl-backend-vfile-update.c b/src/plugins/acl/acl-backend-vfile-update.c
index 1c81a4f..ed52398 100644
--- a/src/plugins/acl/acl-backend-vfile-update.c
+++ b/src/plugins/acl/acl-backend-vfile-update.c
@@ -119,6 +119,7 @@ vfile_write_right(string_t *dest, const struct acl_rights *right,
 	if (neg) str_append_c(dest,'-');
 	acl_rights_write_id(dest, right);
 
+	i_assert(acl_id_is_valid(str_c(dest)));
 	if (strchr(str_c(dest), ' ') != NULL) T_BEGIN {
 		/* need to escape it */
 		const char *escaped = t_strdup(str_escape(str_c(dest)));