AUTH PLAIN: password length has to be its own variable, else it may contain invalid...
[citadel.git] / citadel / modules / imap / serv_imap.c
index 168c7e71a23bbaa6c2e138c0a13b7d4909d3bd3e..e1560a34dcaaaae1ac6c7a71c19c22b3dbd172eb 100644 (file)
@@ -320,10 +320,11 @@ void imap_load_msgids(void)
        /* Load the message list */
        cdbfr = cdb_fetch(CDB_MSGLISTS, &CC->room.QRnumber, sizeof(long));
        if (cdbfr != NULL) {
-               Imap->msgids = malloc(cdbfr->len);
-               memcpy(Imap->msgids, cdbfr->ptr, cdbfr->len);
+               Imap->msgids = (long*)cdbfr->ptr;
                Imap->num_msgs = cdbfr->len / sizeof(long);
                Imap->num_alloc = cdbfr->len / sizeof(long);
+               cdbfr->ptr = NULL;
+               cdbfr->len = 0;
                cdb_free(cdbfr);
        }
 
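Review bot: The ownership transfer at `Imap->msgids = (long*)cdbfr->ptr;` is undocumented and depends on two things this hunk does not show: that `cdb_free()` tolerates `ptr == NULL`, and that the buffer from `cdb_fetch()` can be released the same way `Imap->msgids` is released elsewhere. If a later edit moves the `cdbfr->ptr = NULL;` line below `cdb_free(cdbfr)`, the session is left holding a freed pointer. I would add a comment above the assignment such as `/* steal the fetched buffer; ptr must be NULL before cdb_free() so it does not free what Imap->msgids now owns */`. The same applies to the `msglist = (long*)cdbfr->ptr;` hunk in imap_rescan_msgids.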
@@ -371,14 +372,10 @@ void imap_rescan_msgids(void)
         */
        cdbfr = cdb_fetch(CDB_MSGLISTS, &CC->room.QRnumber, sizeof(long));
        if (cdbfr != NULL) {
-               msglist = malloc(cdbfr->len + 1);
-               if (msglist == NULL) {
-                       IMAPM_syslog(LOG_CRIT, "malloc() failed");
-                       CC->kill_me = KILLME_MALLOC_FAILED;
-                       return;
-               }
-               memcpy(msglist, cdbfr->ptr, (size_t)cdbfr->len);
+               msglist = (long*)cdbfr->ptr;
+               cdbfr->ptr = NULL;
                num_msgs = cdbfr->len / sizeof(long);
+               cdbfr->len = 0;
                cdb_free(cdbfr);
        } else {
                num_msgs = 0;
@@ -417,9 +414,8 @@ void imap_rescan_msgids(void)
                                         (Imap->num_msgs - i)));
                                memmove(&Imap->flags[i],
                                        &Imap->flags[i + 1],
-                                       (sizeof(long) *
+                                       (sizeof(unsigned int) *
                                         (Imap->num_msgs - i)));
-
                                --i;
                        }
 
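Review bot: The element size in the flags `memmove` is still spelled as a type name, which is how it came to disagree with the array's element type in the first place. Writing `(sizeof(Imap->flags[0]) * (Imap->num_msgs - i))`, and `sizeof(Imap->msgids[0])` in the move just above, would keep the size tied to the declarations. The count `Imap->num_msgs - i` is only in bounds for a copy starting at `i + 1` if `num_msgs` has already been decremented, presumably above the hunk. That is worth confirming, since an over-long move here would read past the end of the array. The enclosing block starts outside the hunk.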
@@ -708,22 +704,42 @@ void imap_auth_plain(void)
 {
        citimap *Imap = IMAP;
        const char *decoded_authstring;
-       char ident[256];
-       char user[256];
-       char pass[256];
+       char ident[256] = "";
+       char user[256] = "";
+       char pass[256] = "";
        int result;
-       long len;
+       long decoded_len;
+       long len = 0;
+       long plen = 0;
 
        memset(pass, 0, sizeof(pass));
-       StrBufDecodeBase64(Imap->Cmd.CmdBuf);
+       decoded_len = StrBufDecodeBase64(Imap->Cmd.CmdBuf);
+
+       if (decoded_len > 0)
+       {
+               decoded_authstring = ChrPtr(Imap->Cmd.CmdBuf);
 
-       decoded_authstring = ChrPtr(Imap->Cmd.CmdBuf);
-       safestrncpy(ident, decoded_authstring, sizeof ident);
-       safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
-       len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
-       if (len < 0)
-               len = sizeof(pass) - 1;
+               len = safestrncpy(ident, decoded_authstring, sizeof ident);
 
+               decoded_len -= len - 1;
+               decoded_authstring += len + 1;
+
+               if (decoded_len > 0)
+               {
+                       len = safestrncpy(user, decoded_authstring, sizeof user);
+
+                       decoded_authstring += len + 1;
+                       decoded_len -= len - 1;
+               }
+
+               if (decoded_len > 0)
+               {
+                       plen = safestrncpy(pass, decoded_authstring, sizeof pass);
+
+                       if (plen < 0)
+                               plen = sizeof(pass) - 1;
+               }
+       }
        Imap->authstate = imap_as_normal;
 
        if (!IsEmptyStr(ident)) {
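Review bot: The remaining-length bookkeeping in the new parser does not bound the reads. `decoded_len -= len - 1` subtracts two bytes fewer than the `len + 1` by which `decoded_authstring` advances, so the `decoded_len > 0` guards can still pass after the pointer has moved beyond the decoded data, for example when the blob has fewer than two NUL separators. The `safestrncpy()` result for `ident` and `user` is also used unchecked, although the `plen < 0` branch shows it can be negative on truncation, and a negative `len` moves the pointer backwards. This input arrives before authentication, so I would subtract `len + 1` and stop parsing on a negative return, as sketched below. The `memset(pass, ...)` is now redundant with the `= ""` initialiser, and the function body continues past this hunk.

```c
	if (decoded_len > 0)
	{
		decoded_authstring = ChrPtr(Imap->Cmd.CmdBuf);

		len = safestrncpy(ident, decoded_authstring, sizeof ident);
		if (len < 0) {
			decoded_len = 0;	/* oversized field: stop parsing, user/pass stay empty */
		} else {
			decoded_len -= len + 1;	/* the field plus its NUL separator */
			decoded_authstring += len + 1;
		}

		if (decoded_len > 0)
		{
			len = safestrncpy(user, decoded_authstring, sizeof user);
			if (len < 0) {
				decoded_len = 0;
			} else {
				decoded_len -= len + 1;
				decoded_authstring += len + 1;
			}
		}

		/* … unchanged: password copy into pass and the plen < 0 clamp … */
	}
```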
@@ -734,7 +750,7 @@ void imap_auth_plain(void)
        }
 
        if (result == login_ok) {
-               if (CtdlTryPassword(pass, len) == pass_ok) {
+               if (CtdlTryPassword(pass, plen) == pass_ok) {
                        IAPrintf("%s OK authentication succeeded\r\n", Imap->authseq);
                        return;
                }