Base64: we need the length of the string; else we fail

[citadel.git] / citadel / modules / smtp / serv_smtp.c

diff --git a/citadel/modules/smtp/serv_smtp.c b/citadel/modules/smtp/serv_smtp.c
index ece85545f85613712c737b483150304acca240db..eddad6be71fb2f5bad8f63ed6c2ab784383bfc39 100644 (file)
--- a/citadel/modules/smtp/serv_smtp.c
+++ b/citadel/modules/smtp/serv_smtp.c
@@ -394,12 +394,12 @@ void smtp_help(long offset, long Flags) {
 void smtp_get_user(long offset)
 {
        char buf[SIZ];
-       char username[SIZ];
        citsmtp *sSMTP = SMTP;
 
-       CtdlDecodeBase64(username, ChrPtr(sSMTP->Cmd) + offset, SIZ);
+       StrBufDecodeBase64(sSMTP->Cmd);
+
        /* syslog(LOG_DEBUG, "Trying <%s>\n", username); */
-       if (CtdlLoginExistingUser(NULL, username) == login_ok) {
+       if (CtdlLoginExistingUser(NULL, ChrPtr(sSMTP->Cmd)) == login_ok) {
                CtdlEncodeBase64(buf, "Password:", 9, 0);
                cprintf("334 %s\r\n", buf);
                sSMTP->command_state = smtp_password;
@@ -418,12 +418,11 @@ void smtp_get_pass(long offset, long Flags)
 {
        citsmtp *sSMTP = SMTP;
        char password[SIZ];
-       long len;
 
-       memset(password, 0, sizeof(password));  
-       len = CtdlDecodeBase64(password, ChrPtr(sSMTP->Cmd), SIZ);
+       memset(password, 0, sizeof(password));
+       StrBufDecodeBase64(sSMTP->Cmd);
        /* syslog(LOG_DEBUG, "Trying <%s>\n", password); */
-       if (CtdlTryPassword(password, len) == pass_ok) {
+       if (CtdlTryPassword(SKEY(sSMTP->Cmd)) == pass_ok) {
                smtp_auth_greeting(offset, Flags);
        }
        else {
@@ -444,24 +443,38 @@ void smtp_try_plain(long offset, long Flags)
        char user[256] = "";
        char pass[256] = "";
        int result;
-       long len;
 
-       len = StrBufDecodeBase64(sSMTP->Cmd);
-       if (len > 0)
+       long decoded_len;
+       long len = 0;
+       long plen = 0;
+
+       memset(pass, 0, sizeof(pass));
+       decoded_len = StrBufDecodeBase64(sSMTP->Cmd);
+
+       if (decoded_len > 0)
        {
                decoded_authstring = ChrPtr(sSMTP->Cmd);
 
                len = safestrncpy(ident, decoded_authstring, sizeof ident);
 
+               decoded_len -= len - 1;
                decoded_authstring += len + 1;
 
-               len = safestrncpy(user, decoded_authstring, sizeof user);
+               if (decoded_len > 0)
+               {
+                       len = safestrncpy(user, decoded_authstring, sizeof user);
 
-               decoded_authstring += len + 1;
+                       decoded_authstring += len + 1;
+                       decoded_len -= len - 1;
+               }
+
+               if (decoded_len > 0)
+               {
+                       plen = safestrncpy(pass, decoded_authstring, sizeof pass);
 
-               len = safestrncpy(pass, decoded_authstring, sizeof pass);
-               if (len < 0)
-                       len = sizeof(pass) - 1;
+                       if (plen < 0)
+                               plen = sizeof(pass) - 1;
+               }
        }
 
        sSMTP->command_state = smtp_command;
@@ -474,7 +487,7 @@ void smtp_try_plain(long offset, long Flags)
        }
 
        if (result == login_ok) {
-               if (CtdlTryPassword(pass, len) == pass_ok) {
+               if (CtdlTryPassword(pass, plen) == pass_ok) {
                        smtp_webcit_preferences_hack();
                        smtp_auth_greeting(offset, Flags);
                        return;