From 22443c2f05880838db8d7091701f8f20a83cc90e Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Tue, 4 Jun 2002 13:58:21 +0000
Subject: Fix Kerberos bugs.

svn path=/trunk/; revision=3628
---
 base64.c | 11 ++++++++---
 driver.c |  2 +-
 imap.c   |  2 +-
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/base64.c b/base64.c
index 3658e956..a8c7f1c1 100644
--- a/base64.c
+++ b/base64.c
@@ -54,6 +54,7 @@ void to64frombits(unsigned char *out, const unsigned char *in, int inlen)
 
 int from64tobits(char *out, const char *in, int maxlen)
 /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */
+/* maxlen limits output buffer size, set to zero to ignore */
 {
     int len = 0;
     register unsigned char digit1, digit2, digit3, digit4;
@@ -78,17 +79,21 @@ int from64tobits(char *out, const char *in, int maxlen)
 	    return(-1);
 	in += 4;
 	++len;
-	if (len && len >= maxlen)	/* prevent buffer overflow */
+	if (maxlen && len > maxlen)
 	    return(-1);
 	*out++ = (DECODE64(digit1) << 2) | (DECODE64(digit2) >> 4);
 	if (digit3 != '=')
 	{
-	    *out++ = ((DECODE64(digit2) << 4) & 0xf0) | (DECODE64(digit3) >> 2);
 	    ++len;
+	    if (maxlen && len > maxlen)
+	        return(-1);
+	    *out++ = ((DECODE64(digit2) << 4) & 0xf0) | (DECODE64(digit3) >> 2);
 	    if (digit4 != '=')
 	    {
+	        ++len;
+		if (maxlen && len > maxlen)
+		    return(-1);
 		*out++ = ((DECODE64(digit3) << 6) & 0xc0) | DECODE64(digit4);
-		++len;
 	    }
 	}
     } while 
diff --git a/driver.c b/driver.c
index 2eda23ef..ef3529e2 100644
--- a/driver.c
+++ b/driver.c
@@ -1043,7 +1043,7 @@ const int maxfetch;		/* maximum number of messages to fetch */
 	set_timeout(0);
 	phase = oldphase;
 #ifdef KERBEROS_V4
-	if (ctl->server.authenticate == A_KERBEROS_V4)
+	if (ctl->server.authenticate == A_KERBEROS_V4 && (strcasecmp(proto->name,"IMAP") != 0))
 	{
 	    set_timeout(mytimeout);
 	    err = kerberos_auth(mailserver_socket, ctl->server.truename,
diff --git a/imap.c b/imap.c
index c9792072..df8cd336 100644
--- a/imap.c
+++ b/imap.c
@@ -200,7 +200,7 @@ static int do_imap_ntlm(int sock, struct query *ctl)
     if ((gen_recv(sock, msgbuf, sizeof msgbuf)))
 	return result;
   
-    len = from64tobits ((unsigned char*)&challenge, msgbuf, sizeof(msgbuf));
+    len = from64tobits ((char*)&challenge, msgbuf, sizeof(challenge));
     
     if (outlevel >= O_DEBUG)
 	dumpSmbNtlmAuthChallenge(stdout, &challenge);
-- 
cgit v1.2.3