[smtp] Avoid truncating PLAIN AUTH passwords

Usernames or passwords with embedded CARET ^ character would have been truncated prior to this fix, breaking authentication. Gitlab: Fixes issue #23, merge request !25.
author: Earl <earl@timberdragon.com> 2021-01-02 10:44:51 -0800
committer: Matthias Andree <matthias.andree@gmx.de> 2021-01-03 12:51:02 +0100
commit: 90e61512500c37c1c08438b367d9baa64b89ef32 (patch)
tree: 31703a710407b5bdbbc429e3c274d0f0c9a5bf2d /smtp.c
parent: c95c2378c066f33c5b5bb1dadd3de366e49ee34e (diff)
download: fetchmail-90e61512500c37c1c08438b367d9baa64b89ef32.tar.gz
fetchmail-90e61512500c37c1c08438b367d9baa64b89ef32.tar.bz2
fetchmail-90e61512500c37c1c08438b367d9baa64b89ef32.zip
1 files changed, 8 insertions, 5 deletions
diff --git a/smtp.c b/smtp.c
index 9ca93813..6e59ac4b 100644
--- a/smtp.c
+++ b/smtp.c
@@ -117,11 +117,14 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
 		snprintf(tmp, sizeof(tmp), "^%s^%s", username, password);
 
 		len = strlen(tmp);
-		for (c = len - 1; c >= 0; c--)
-		{
-			if (tmp[c] == '^')
-				tmp[c] = '\0';
-		}
+
+		/* Take care not to overflow the buffer */
+		c = 0;
+		tmp[c] = '\0';
+		c += 1 + strlen(username);
+		if (c < len)
+			tmp[c] = '\0';
+
 		to64frombits(b64buf, tmp, len, sizeof b64buf);
 		SockPrintf(sock, "AUTH PLAIN %s\r\n", b64buf);
 		SMTP_ok(sock, smtp_mode, TIMEOUT_DEFAULT);
author	Earl <earl@timberdragon.com>	2021-01-02 10:44:51 -0800
committer	Matthias Andree <matthias.andree@gmx.de>	2021-01-03 12:51:02 +0100
commit	90e61512500c37c1c08438b367d9baa64b89ef32 (patch)
tree	31703a710407b5bdbbc429e3c274d0f0c9a5bf2d /smtp.c
parent	c95c2378c066f33c5b5bb1dadd3de366e49ee34e (diff)
download	fetchmail-90e61512500c37c1c08438b367d9baa64b89ef32.tar.gz fetchmail-90e61512500c37c1c08438b367d9baa64b89ef32.tar.bz2 fetchmail-90e61512500c37c1c08438b367d9baa64b89ef32.zip