aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEarl <earl@timberdragon.com>2021-01-02 10:44:51 -0800
committerMatthias Andree <matthias.andree@gmx.de>2021-01-03 12:51:02 +0100
commit90e61512500c37c1c08438b367d9baa64b89ef32 (patch)
tree31703a710407b5bdbbc429e3c274d0f0c9a5bf2d
parentc95c2378c066f33c5b5bb1dadd3de366e49ee34e (diff)
downloadfetchmail-90e61512500c37c1c08438b367d9baa64b89ef32.tar.gz
fetchmail-90e61512500c37c1c08438b367d9baa64b89ef32.tar.bz2
fetchmail-90e61512500c37c1c08438b367d9baa64b89ef32.zip
[smtp] Avoid truncating PLAIN AUTH passwords
Usernames or passwords with embedded CARET ^ character would have been truncated prior to this fix, breaking authentication. Gitlab: Fixes issue #23, merge request !25.
-rw-r--r--smtp.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/smtp.c b/smtp.c
index 9ca93813..6e59ac4b 100644
--- a/smtp.c
+++ b/smtp.c
@@ -117,11 +117,14 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
snprintf(tmp, sizeof(tmp), "^%s^%s", username, password);
len = strlen(tmp);
- for (c = len - 1; c >= 0; c--)
- {
- if (tmp[c] == '^')
- tmp[c] = '\0';
- }
+
+ /* Take care not to overflow the buffer */
+ c = 0;
+ tmp[c] = '\0';
+ c += 1 + strlen(username);
+ if (c < len)
+ tmp[c] = '\0';
+
to64frombits(b64buf, tmp, len, sizeof b64buf);
SockPrintf(sock, "AUTH PLAIN %s\r\n", b64buf);
SMTP_ok(sock, smtp_mode, TIMEOUT_DEFAULT);