9pfs/solanum-vs-hackint-and-charybdis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sasl_usercloak: make the magic string more specific

Browse source 
Require '/account' at the end of the spoof, rather than
'account' anywhere.
This commit is contained in:
Ed Kellett 2020-01-02 15:49:15 +00:00
parent 5d5603b6ef
commit cdeca37ec3
No known key found for this signature in database
GPG key ID: CB9986DEF342FABC
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
extensions/sasl_usercloak.c
View file

@ -46,10 +46,12 @@ check_new_user(void *vdata)
if (EmptyString(source_p->user->suser)) if (EmptyString(source_p->user->suser))
return; return;
char *accountpart = strstr(source_p->orighost, "account"); char *accountpart = strstr(source_p->orighost, "/account");
if (!accountpart) if (!accountpart || accountpart[8] != '\0')
return; return;
accountpart += 1;
char buf[HOSTLEN]; char buf[HOSTLEN];
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
char *dst = buf; char *dst = buf;