Fix IMAP code to use password of arbitrary length from configuration

file (although not when read interactively). Debian Bug#276424.

svn path=/trunk/; revision=4170

2 files changed, 13 insertions, 3 deletions

diff --git a/NEWS b/NEWS
index a2eae25f..78ae3f0c 100644
--- a/NEWS
+++ b/NEWS
@@ -137,6 +137,9 @@ OTHER CHANGES:
 * Make ODMR really silent, suppress "fetchmail: receiving message
   data". Fixes Debian Bug#296163. Matthias Andree.
 * Add From: header to warning emails. Debian Bug#244828. Matthias Andree.
+* Fix IMAP code to use password of arbitrary length from configuration
+  file (although not when read interactively). Debian Bug#276424.
+  Matthias Andree
 
 fetchmail-6.2.5 (Wed Oct 15 18:39:22 EDT 2003), 23079 lines:
 
diff --git a/imap.c b/imap.c
index dceeca49..4642dad4 100644
--- a/imap.c
+++ b/imap.c
@@ -504,14 +504,21 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 	|| ctl->server.authenticate == A_PASSWORD)
     {
 	/* these sizes guarantee no buffer overflow */
-	char	remotename[NAMELEN*2+1], password[PASSWORDLEN*2+1];
+	char *remotename, *password;
+	size_t rnl, pwl;
+	rnl = 2 * strlen(ctl->remotename) + 1;
+	pwl = 2 * strlen(ctl->password) + 1;
+	remotename = xmalloc(rnl);
+	password = xmalloc(pwl);
 
-	imap_canonicalize(remotename, ctl->remotename, NAMELEN);
-	imap_canonicalize(password, ctl->password, PASSWORDLEN);
+	imap_canonicalize(remotename, ctl->remotename, rnl);
+	imap_canonicalize(password, ctl->password, pwl);
 
 	snprintf(shroud, sizeof (shroud), "\"%s\"", password);
 	ok = gen_transact(sock, "LOGIN \"%s\" \"%s\"", remotename, password);
 	shroud[0] = '\0';
+	free(password);
+	free(remotename);
 #ifdef SSL_ENABLE
 	/* this is for servers which claim to support TLS, but actually
 	 * don't! */