}
case 4:
if (CtdlLoginExistingUser(NULL, Params[2].Key) == login_ok) {
- if (CtdlTryPassword(Params[3].Key) == pass_ok) {
+ if (CtdlTryPassword(Params[3].Key, Params[3].len) == pass_ok) {
cprintf("%s OK [", Params[0].Key);
imap_output_capability_string();
cprintf("] Hello, %s\r\n", CC->user.fullname);
char user[256];
char pass[256];
int result;
+ long len;
memset(pass, 0, sizeof(pass));
StrBufDecodeBase64(IMAP->Cmd.CmdBuf);
decoded_authstring = ChrPtr(IMAP->Cmd.CmdBuf);
safestrncpy(ident, decoded_authstring, sizeof ident);
safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
- safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
+ len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
+ if (len < 0)
+ len = sizeof(pass) - 1;
IMAP->authstate = imap_as_normal;
}
if (result == login_ok) {
- if (CtdlTryPassword(pass) == pass_ok) {
+ if (CtdlTryPassword(pass, len) == pass_ok) {
cprintf("%s OK authentication succeeded\r\n", IMAP->authseq);
return;
}
{
citimap *Imap = IMAP;
const char *pass = NULL;
+ long len = 0;
switch (state) {
default:
case imap_as_expecting_password:
StrBufDecodeBase64(Imap->Cmd.CmdBuf);
pass = ChrPtr(Imap->Cmd.CmdBuf);
+ len = StrLength(Imap->Cmd.CmdBuf);
break;
case imap_as_expecting_multilinepassword:
pass = ChrPtr(Imap->Cmd.CmdBuf);
+ len = StrLength(Imap->Cmd.CmdBuf);
break;
}
- if (CtdlTryPassword(pass) == pass_ok) {
+ if (len > USERNAME_SIZE)
+ StrBufCutAt(Imap->Cmd.CmdBuf, USERNAME_SIZE, NULL);
+
+ if (CtdlTryPassword(pass, len) == pass_ok) {
cprintf("%s OK authentication succeeded\r\n", IMAP->authseq);
} else {
cprintf("%s NO authentication failed\r\n", IMAP->authseq);