diff -Nur qpsmtpd-0.84_bz9167/plugins/auth/auth_cvm_unix_local qpsmtpd-0.84/plugins/auth/auth_cvm_unix_local --- qpsmtpd-0.84_bz9167/plugins/auth/auth_cvm_unix_local 2009-04-03 07:48:33.000000000 +0200 +++ qpsmtpd-0.84/plugins/auth/auth_cvm_unix_local 2016-01-06 17:06:18.782453739 +0100 @@ -85,6 +85,11 @@ $self->log(LOGINFO, "authcvm/$method authentication attempt for: $user"); + if ($user =~ /\x00/) { + $self->log(LOGERROR, "deny: invalid username"); + return (DENY, "authcvm, invalid username"); + }; + socket(SOCK, PF_UNIX, SOCK_STREAM, 0) or return (DENY, "authcvm/$method");