From 90e61512500c37c1c08438b367d9baa64b89ef32 Mon Sep 17 00:00:00 2001
From: Earl <earl@timberdragon.com>
Date: Sat, 2 Jan 2021 10:44:51 -0800
Subject: [smtp] Avoid truncating PLAIN AUTH passwords

Usernames or passwords with embedded CARET ^ character
would have been truncated prior to this fix, breaking
authentication.

Gitlab: Fixes issue #23, merge request !25.
---
 smtp.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/smtp.c b/smtp.c
index 9ca93813..6e59ac4b 100644
--- a/smtp.c
+++ b/smtp.c
@@ -117,11 +117,14 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
 		snprintf(tmp, sizeof(tmp), "^%s^%s", username, password);
 
 		len = strlen(tmp);
-		for (c = len - 1; c >= 0; c--)
-		{
-			if (tmp[c] == '^')
-				tmp[c] = '\0';
-		}
+
+		/* Take care not to overflow the buffer */
+		c = 0;
+		tmp[c] = '\0';
+		c += 1 + strlen(username);
+		if (c < len)
+			tmp[c] = '\0';
+
 		to64frombits(b64buf, tmp, len, sizeof b64buf);
 		SockPrintf(sock, "AUTH PLAIN %s\r\n", b64buf);
 		SMTP_ok(sock, smtp_mode, TIMEOUT_DEFAULT);
-- 
cgit v1.2.3