diff options
author | Earl <earl@timberdragon.com> | 2021-01-02 10:44:51 -0800 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2021-01-03 12:51:02 +0100 |
commit | 90e61512500c37c1c08438b367d9baa64b89ef32 (patch) | |
tree | 31703a710407b5bdbbc429e3c274d0f0c9a5bf2d | |
parent | c95c2378c066f33c5b5bb1dadd3de366e49ee34e (diff) | |
download | fetchmail-90e61512500c37c1c08438b367d9baa64b89ef32.tar.gz fetchmail-90e61512500c37c1c08438b367d9baa64b89ef32.tar.bz2 fetchmail-90e61512500c37c1c08438b367d9baa64b89ef32.zip |
[smtp] Avoid truncating PLAIN AUTH passwords
Usernames or passwords with embedded CARET ^ character
would have been truncated prior to this fix, breaking
authentication.
Gitlab: Fixes issue #23, merge request !25.
-rw-r--r-- | smtp.c | 13 |
1 files changed, 8 insertions, 5 deletions
@@ -117,11 +117,14 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password, snprintf(tmp, sizeof(tmp), "^%s^%s", username, password); len = strlen(tmp); - for (c = len - 1; c >= 0; c--) - { - if (tmp[c] == '^') - tmp[c] = '\0'; - } + + /* Take care not to overflow the buffer */ + c = 0; + tmp[c] = '\0'; + c += 1 + strlen(username); + if (c < len) + tmp[c] = '\0'; + to64frombits(b64buf, tmp, len, sizeof b64buf); SockPrintf(sock, "AUTH PLAIN %s\r\n", b64buf); SMTP_ok(sock, smtp_mode, TIMEOUT_DEFAULT); |