From 83e00a53449ac9118181f808dc8f4e08e789950f Mon Sep 17 00:00:00 2001
From: Timo Sirainen
Date: Wed, 22 Apr 2026 15:45:00 +0300
Subject: [PATCH] [PATCH 3/3] acl: Assert-crash if ACL identifier is invalid before writing it

It should have been checked earlier already.

Gbp-Pq: Name CVE-2026-40020-3.patch
---
 src/plugins/acl/acl-backend-vfile-update.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/plugins/acl/acl-backend-vfile-update.c b/src/plugins/acl/acl-backend-vfile-update.c
index 1c81a4f..ed52398 100644
--- a/src/plugins/acl/acl-backend-vfile-update.c
+++ b/src/plugins/acl/acl-backend-vfile-update.c
@@ -119,6 +119,7 @@ vfile_write_right(string_t *dest, const struct acl_rights *right,
 if (neg) str_append_c(dest,'-');
 acl_rights_write_id(dest, right);
+ i_assert(acl_id_is_valid(str_c(dest)));
 if (strchr(str_c(dest), ' ') != NULL) T_BEGIN {
 /* need to escape it */
 const char *escaped = t_strdup(str_escape(str_c(dest)));
-- 
2.30.2
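Review bot: The new `i_assert(acl_id_is_valid(str_c(dest)))` validates the whole of `dest`, not just the identifier that `acl_rights_write_id()` appended: when `neg` is set the buffer already begins with `-`, and anything a caller left in `dest` would be checked along with it. Whether `acl_id_is_valid()` tolerates that prefix is not visible here; if it does not, a legitimate negative right would abort the process, and if it does, the check is looser than the identifier grammar it is meant to enforce. Consider recording the offset with `size_t id_start = str_len(dest);` just before the `acl_rights_write_id()` call and asserting on `acl_id_is_valid(str_c(dest) + id_start)`. A short comment such as `/* backstop only: identifiers must already have been validated before reaching the writer */` would make clear this is not the primary check. The body of vfile_write_right starts and ends outside the hunk, so how callers prepare `dest` should be confirmed there.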