diff options
| -rw-r--r-- | base64.c | 11 | ||||
| -rw-r--r-- | driver.c | 2 | ||||
| -rw-r--r-- | imap.c | 2 |
3 files changed, 10 insertions, 5 deletions
@@ -54,6 +54,7 @@ void to64frombits(unsigned char *out, const unsigned char *in, int inlen) int from64tobits(char *out, const char *in, int maxlen) /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */ +/* maxlen limits output buffer size, set to zero to ignore */ { int len = 0; register unsigned char digit1, digit2, digit3, digit4; @@ -78,17 +79,21 @@ int from64tobits(char *out, const char *in, int maxlen) return(-1); in += 4; ++len; - if (len && len >= maxlen) /* prevent buffer overflow */ + if (maxlen && len > maxlen) return(-1); *out++ = (DECODE64(digit1) << 2) | (DECODE64(digit2) >> 4); if (digit3 != '=') { - *out++ = ((DECODE64(digit2) << 4) & 0xf0) | (DECODE64(digit3) >> 2); ++len; + if (maxlen && len > maxlen) + return(-1); + *out++ = ((DECODE64(digit2) << 4) & 0xf0) | (DECODE64(digit3) >> 2); if (digit4 != '=') { + ++len; + if (maxlen && len > maxlen) + return(-1); *out++ = ((DECODE64(digit3) << 6) & 0xc0) | DECODE64(digit4); - ++len; } } } while @@ -1043,7 +1043,7 @@ const int maxfetch; /* maximum number of messages to fetch */ set_timeout(0); phase = oldphase; #ifdef KERBEROS_V4 - if (ctl->server.authenticate == A_KERBEROS_V4) + if (ctl->server.authenticate == A_KERBEROS_V4 && (strcasecmp(proto->name,"IMAP") != 0)) { set_timeout(mytimeout); err = kerberos_auth(mailserver_socket, ctl->server.truename, @@ -200,7 +200,7 @@ static int do_imap_ntlm(int sock, struct query *ctl) if ((gen_recv(sock, msgbuf, sizeof msgbuf))) return result; - len = from64tobits ((unsigned char*)&challenge, msgbuf, sizeof(msgbuf)); + len = from64tobits ((char*)&challenge, msgbuf, sizeof(challenge)); if (outlevel >= O_DEBUG) dumpSmbNtlmAuthChallenge(stdout, &challenge); |