From: Wilfried Goesgens Date: Mon, 3 Feb 2014 14:55:06 +0000 (+0100) Subject: AUTH PLAIN: password length has to be its own variable, else it may contain invalid... X-Git-Tag: v9.01~133 X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=a9af4275350dcace372a7232e7b74d017b840362 AUTH PLAIN: password length has to be its own variable, else it may contain invalid lengths
---
diff --git a/citadel/modules/imap/serv_imap.c b/citadel/modules/imap/serv_imap.c
index 85751e69b..e1560a34d 100644
--- a/citadel/modules/imap/serv_imap.c
+++ b/citadel/modules/imap/serv_imap.c
@@ -710,6 +710,7 @@ void imap_auth_plain(void)
 int result;
 long decoded_len;
 long len = 0;
+ long plen = 0;
 memset(pass, 0, sizeof(pass));
 decoded_len = StrBufDecodeBase64(Imap->Cmd.CmdBuf);
@@ -733,10 +734,10 @@ void imap_auth_plain(void)
 if (decoded_len > 0) {
- len = safestrncpy(pass, decoded_authstring, sizeof pass);
+ plen = safestrncpy(pass, decoded_authstring, sizeof pass);
- if (len < 0)
- len = sizeof(pass) - 1;
+ if (plen < 0)
+ plen = sizeof(pass) - 1;
 }
 }
 Imap->authstate = imap_as_normal;
@@ -749,7 +750,7 @@ void imap_auth_plain(void)
 }
 if (result == login_ok) {
- if (CtdlTryPassword(pass, len) == pass_ok) {
+ if (CtdlTryPassword(pass, plen) == pass_ok) {
 IAPrintf("%s OK authentication succeeded\r\n", Imap->authseq);
 return;
 }
diff --git a/citadel/modules/smtp/serv_smtp.c b/citadel/modules/smtp/serv_smtp.c
index fa40a7dbd..892d8e7a7 100644
--- a/citadel/modules/smtp/serv_smtp.c
+++ b/citadel/modules/smtp/serv_smtp.c
@@ -447,6 +447,7 @@ void smtp_try_plain(long offset, long Flags)
 long decoded_len;
 long len = 0;
+ long plen = 0;
 memset(pass, 0, sizeof(pass));
 decoded_len = StrBufDecodeBase64(sSMTP->Cmd);
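Review bot: In the `@@ -733,10 +734,10 @@` hunk of imap_auth_plain, a negative return from `safestrncpy` is clamped to `plen = sizeof(pass) - 1` and the login carries on with whatever part of the password fit in `pass`. If a negative return means the source was cut short (inferred from this handling; the helper is not shown), an over-long password is checked by its truncated prefix instead of being refused. I would end the attempt on that branch with the same failure reply used for a wrong password, and until then mark the clamp with `/* negative return: password did not fit in pass; a truncated copy is tried */`. The same clamp is in the `@@ -470,10 +471,10 @@` hunk of smtp_try_plain; both function bodies continue outside the hunks.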
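Review bot: The `return;` after `CtdlTryPassword(pass, plen)` in the `@@ -749,7 +750,7 @@` hunk of imap_auth_plain leaves the decoded cleartext password in the buffer `pass`; the only wipe visible in this diff is the `memset(pass, 0, sizeof(pass));` before decoding. Clearing the buffer once the check is done keeps the credential out of stale memory and core dumps, for example `explicit_bzero(pass, sizeof(pass));` before each return where the platform provides it, since a plain memset on a buffer that is no longer read may be optimised away. The success path of smtp_try_plain in the `@@ -487,7 +488,7 @@` hunk has the same shape. The failure paths lie outside both hunks, so they may already do this.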
@@ -470,10 +471,10 @@ void smtp_try_plain(long offset, long Flags)
 if (decoded_len > 0) {
- len = safestrncpy(pass, decoded_authstring, sizeof pass);
+ plen = safestrncpy(pass, decoded_authstring, sizeof pass);
- if (len < 0)
- len = sizeof(pass) - 1;
+ if (plen < 0)
+ plen = sizeof(pass) - 1;
 }
 }
@@ -487,7 +488,7 @@ void smtp_try_plain(long offset, long Flags)
 }
 if (result == login_ok) {
- if (CtdlTryPassword(pass, len) == pass_ok) {
+ if (CtdlTryPassword(pass, plen) == pass_ok) {
 smtp_webcit_preferences_hack();
 smtp_auth_greeting(offset, Flags);
 return;
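Review bot: The copy-and-clamp sequence in the `@@ -470,10 +471,10 @@` hunk of smtp_try_plain is the same code as in imap_auth_plain, and this commit had to make the identical `len` to `plen` correction in both files. Credential parsing that is duplicated per protocol tends to drift, so a later fix can land in one copy only. Moving the AUTH PLAIN handling into one shared helper that yields the password and its length would give a single place to review. As a smaller step, add `/* keep in sync with imap_auth_plain() in citadel/modules/imap/serv_imap.c */` above the copy. The function body continues outside the hunk.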