fix(security) : fix a security issue introduced in 5.11.1

Alinto · Oct 11, 2024 · 04a9a87 · 04a9a87
1 parent a466628
commit 04a9a87
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m
@@ -643,11 +643,15 @@ - (BOOL) checkLogin: (NSString *) _login
       allowed = YES;
 
     if([domainsKnown length] == 0 && [domainsAllowed length] == 0)
+    {
       [self errorWithFormat: @"SOGoForbidUnknownDomainsAuth is set but sogo don't know any domains"];
+      return NO;
+    }
     else if(!allowed)
+    {
       [self errorWithFormat: @"User domain is unknown or not allowed: %@", userDomain];
-
-    return allowed;
+      return NO;
+    }
   }
 
   // We check the fail count per user in memcache (per server). If the