From 6f8d0b5a7434b00180e1f7bd673772eb01fe1ba7 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Sat, 23 Jul 2005 16:24:00 +0000
Subject: Fix IMAP code to use password of arbitrary length from configuration
 file (although not when read interactively). Debian Bug#276424.

svn path=/trunk/; revision=4170
---
 imap.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'imap.c')

diff --git a/imap.c b/imap.c
index dceeca49..4642dad4 100644
--- a/imap.c
+++ b/imap.c
@@ -504,14 +504,21 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 	|| ctl->server.authenticate == A_PASSWORD)
     {
 	/* these sizes guarantee no buffer overflow */
-	char	remotename[NAMELEN*2+1], password[PASSWORDLEN*2+1];
+	char *remotename, *password;
+	size_t rnl, pwl;
+	rnl = 2 * strlen(ctl->remotename) + 1;
+	pwl = 2 * strlen(ctl->password) + 1;
+	remotename = xmalloc(rnl);
+	password = xmalloc(pwl);
 
-	imap_canonicalize(remotename, ctl->remotename, NAMELEN);
-	imap_canonicalize(password, ctl->password, PASSWORDLEN);
+	imap_canonicalize(remotename, ctl->remotename, rnl);
+	imap_canonicalize(password, ctl->password, pwl);
 
 	snprintf(shroud, sizeof (shroud), "\"%s\"", password);
 	ok = gen_transact(sock, "LOGIN \"%s\" \"%s\"", remotename, password);
 	shroud[0] = '\0';
+	free(password);
+	free(remotename);
 #ifdef SSL_ENABLE
 	/* this is for servers which claim to support TLS, but actually
 	 * don't! */
-- 
cgit v1.2.3