AUTH PLAIN: password length has to be its own variable, else it may contain invalid...

[citadel.git] / citadel / modules / smtp / serv_smtp.c

diff --git a/citadel/modules/smtp/serv_smtp.c b/citadel/modules/smtp/serv_smtp.c
index 4eec7e85d5852400de7e4cb750b189082c7eef48..892d8e7a7885d4aef9e851923284b9e0a9057333 100644 (file)
--- a/citadel/modules/smtp/serv_smtp.c
+++ b/citadel/modules/smtp/serv_smtp.c
@@ -439,19 +439,44 @@ void smtp_get_pass(long offset, long Flags)
 void smtp_try_plain(long offset, long Flags)
 {
        citsmtp *sSMTP = SMTP;
-       char decoded_authstring[1024];
-       char ident[256];
-       char user[256];
-       char pass[256];
+       const char*decoded_authstring;
+       char ident[256] = "";
+       char user[256] = "";
+       char pass[256] = "";
        int result;
-       long len;
 
-       CtdlDecodeBase64(decoded_authstring, ChrPtr(sSMTP->Cmd), StrLength(sSMTP->Cmd));
-       safestrncpy(ident, decoded_authstring, sizeof ident);
-       safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
-       len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
-       if (len == -1)
-               len = sizeof(pass) - 1;
+       long decoded_len;
+       long len = 0;
+       long plen = 0;
+
+       memset(pass, 0, sizeof(pass));
+       decoded_len = StrBufDecodeBase64(sSMTP->Cmd);
+
+       if (decoded_len > 0)
+       {
+               decoded_authstring = ChrPtr(sSMTP->Cmd);
+
+               len = safestrncpy(ident, decoded_authstring, sizeof ident);
+
+               decoded_len -= len - 1;
+               decoded_authstring += len + 1;
+
+               if (decoded_len > 0)
+               {
+                       len = safestrncpy(user, decoded_authstring, sizeof user);
+
+                       decoded_authstring += len + 1;
+                       decoded_len -= len - 1;
+               }
+
+               if (decoded_len > 0)
+               {
+                       plen = safestrncpy(pass, decoded_authstring, sizeof pass);
+
+                       if (plen < 0)
+                               plen = sizeof(pass) - 1;
+               }
+       }
 
        sSMTP->command_state = smtp_command;
 
@@ -463,7 +488,7 @@ void smtp_try_plain(long offset, long Flags)
        }
 
        if (result == login_ok) {
-               if (CtdlTryPassword(pass, len) == pass_ok) {
+               if (CtdlTryPassword(pass, plen) == pass_ok) {
                        smtp_webcit_preferences_hack();
                        smtp_auth_greeting(offset, Flags);
                        return;
@@ -622,7 +647,7 @@ void smtp_mail(long offset, long flags) {
         * address so we don't have to contend with the empty string causing
         * other code to fail when it's expecting something there.
         */
-       if (StrLength(sSMTP->from)) {
+       if (StrLength(sSMTP->from) == 0) {
                StrBufPlain(sSMTP->from, HKEY("someone@example.com"));
        }
 
@@ -668,7 +693,7 @@ void smtp_rcpt(long offset, long flags)
 {
        struct CitContext *CCC = CC;
        char message_to_spammer[SIZ];
-       struct recptypes *valid = NULL;
+       recptypes *valid = NULL;
        citsmtp *sSMTP = SMTP;
 
        if (StrLength(sSMTP->from) == 0) {
@@ -767,7 +792,7 @@ void smtp_data(long offset, long flags)
        struct CtdlMessage *msg = NULL;
        long msgnum = (-1L);
        char nowstamp[SIZ];
-       struct recptypes *valid;
+       recptypes *valid;
        int scan_errors;
        int i;
        citsmtp *sSMTP = SMTP;
@@ -859,17 +884,17 @@ void smtp_data(long offset, long flags)
                        return;
                }
 
-               CM_SetField(msg, eNodeName, config.c_nodename, strlen(config.c_nodename));
-               CM_SetField(msg, eHumanNode, config.c_humannode, strlen(config.c_humannode));
+               CM_SetField(msg, eNodeName, CFG_KEY(c_nodename));
+               CM_SetField(msg, eHumanNode, CFG_KEY(c_humannode));
                CM_SetField(msg, eOriginalRoom, HKEY(MAILROOM));
                if (sSMTP->preferred_sender_name != NULL)
-                       CM_SetFieldSB(msg, eAuthor, sSMTP->preferred_sender_name);
+                       CM_SetField(msg, eAuthor, SKEY(sSMTP->preferred_sender_name));
                else 
                        CM_SetField(msg, eAuthor, CCC->user.fullname, strlen(CCC->user.fullname));
 
                if (!validemail) {
-                       if((sSMTP->preferred_sender_email != NULL)
-                               CM_SetFieldSB(msg, erFc822Addr, sSMTP->preferred_sender_email)) 
+                       if (sSMTP->preferred_sender_email != NULL)
+                               CM_SetField(msg, erFc822Addr, SKEY(sSMTP->preferred_sender_email));
                        else
                                CM_SetField(msg, erFc822Addr, CCC->cs_inet_email, strlen(CCC->cs_inet_email));
                }
@@ -896,7 +921,7 @@ void smtp_data(long offset, long flags)
                scan_errors = 0;
        }
        else {
-               scan_errors = PerformMessageHooks(msg, EVT_SMTPSCAN);
+               scan_errors = PerformMessageHooks(msg, valid, EVT_SMTPSCAN);
        }
 
        if (scan_errors > 0) {  /* We don't want this message! */
@@ -996,14 +1021,17 @@ void smtp_command_loop(void)
 
        if (sSMTP->command_state == smtp_user) {
                smtp_get_user(0);
+               return;
        }
 
        else if (sSMTP->command_state == smtp_password) {
                smtp_get_pass(0, 0);
+               return;
        }
 
        else if (sSMTP->command_state == smtp_plain) {
                smtp_try_plain(0, 0);
+               return;
        }
 
        pchs = pch = ChrPtr(sSMTP->Cmd);