From 04a9a8773dfb30dcc86c6146eed175a9a115f6b2 Mon Sep 17 00:00:00 2001
From: Hivert Quentin
Date: Fri, 11 Oct 2024 15:10:19 +0200
Subject: [PATCH] fix(security) : fix a security issue introduced in 5.11.1
---
 SoObjects/SOGo/SOGoUserManager.m | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m
index d0f93d43bb..db392f7f8e 100644
--- a/SoObjects/SOGo/SOGoUserManager.m
+++ b/SoObjects/SOGo/SOGoUserManager.m
@@ -643,11 +643,15 @@ - (BOOL) checkLogin: (NSString *) _login
 allowed = YES;
 if([domainsKnown length] == 0 && [domainsAllowed length] == 0)
+ {
 [self errorWithFormat: @"SOGoForbidUnknownDomainsAuth is set but sogo don't know any domains"];
+ return NO;
+ }
 else if(!allowed)
+ {
 [self errorWithFormat: @"User domain is unknown or not allowed: %@", userDomain];
-
- return allowed;
+ return NO;
+ }
 }
 // We check the fail count per user in memcache (per server). If the
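Review bot: Nothing in the rewritten block after `allowed = YES;` records that the accepted-domain case must fall through, which is the reason for dropping `return allowed;`: that line could return YES from checkLogin before the fail-count logic that starts right after the closing brace, and presumably before the credential check as well (the rest of the method is outside this hunk). I would add a comment above the `if`, for example `// Only reject here; an allowed domain must fall through to the fail-count and password checks below.`, so a later cleanup does not bring the early success return back. Separately, `userDomain` appears to be derived from the submitted login and is written to the error log as-is in the `else if(!allowed)` branch, so it is worth confirming that control characters in that value cannot split or forge log lines.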