From 798de81c6bb695516dda1d32a324fff56b3fc0a6 Mon Sep 17 00:00:00 2001 From: Wilfried Goesgens Date: Mon, 27 Jan 2014 20:17:05 +0100 Subject: [PATCH] BASE64: we don't remove \0's anymore, we need to treat auth basic strings different. --- citadel/modules/imap/serv_imap.c | 29 +++++++++++++------- citadel/modules/smtp/serv_smtp.c | 31 ++++++++++++++------- citadel/modules/xmpp/xmpp_sasl_service.c | 34 +++++++++++++++++------- 3 files changed, 64 insertions(+), 30 deletions(-) diff --git a/citadel/modules/imap/serv_imap.c b/citadel/modules/imap/serv_imap.c index 1290276e2..4b3e146ce 100644 --- a/citadel/modules/imap/serv_imap.c +++ b/citadel/modules/imap/serv_imap.c @@ -704,22 +704,31 @@ void imap_auth_plain(void) { citimap *Imap = IMAP; const char *decoded_authstring; - char ident[256]; - char user[256]; - char pass[256]; + char ident[256] = ""; + char user[256] = ""; + char pass[256] = ""; int result; long len; memset(pass, 0, sizeof(pass)); - StrBufDecodeBase64(Imap->Cmd.CmdBuf); + len = StrBufDecodeBase64(Imap->Cmd.CmdBuf); - decoded_authstring = ChrPtr(Imap->Cmd.CmdBuf); - safestrncpy(ident, decoded_authstring, sizeof ident); - safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user); - len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass); - if (len < 0) - len = sizeof(pass) - 1; + if (len > 0) + { + decoded_authstring = ChrPtr(Imap->Cmd.CmdBuf); + + len = safestrncpy(ident, decoded_authstring, sizeof ident); + + decoded_authstring += len + 1; + len = safestrncpy(user, decoded_authstring, sizeof user); + + decoded_authstring += len + 1; + + len = safestrncpy(pass, decoded_authstring, sizeof pass); + if (len < 0) + len = sizeof(pass) - 1; + } Imap->authstate = imap_as_normal; if (!IsEmptyStr(ident)) { diff --git a/citadel/modules/smtp/serv_smtp.c b/citadel/modules/smtp/serv_smtp.c index 58457b180..ece85545f 100644 --- a/citadel/modules/smtp/serv_smtp.c +++ b/citadel/modules/smtp/serv_smtp.c 
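Review bot: In imap_auth_plain the two `decoded_authstring += len + 1;` advances use the return value of safestrncpy() unchecked. Judging by the `if (len < 0)` branch on the password copy, that return is negative when a field is truncated, so an ident or user field of 256 bytes or more would move the pointer backwards, out of the decoded data. The length returned by StrBufDecodeBase64() is also overwritten before it can bound the advances, so a decoded string with fewer than two NUL separators steps past the end of what was decoded. The same pattern is added in smtp_try_plain and xmpp_auth_plain. Keeping the decoded length in its own variable and checking each field before advancing, as sketched below, covers both cases; the function body continues outside the hunk.

```c
	long decoded_len;
	long field_len;
	int fields_ok = 0;

	decoded_len = StrBufDecodeBase64(Imap->Cmd.CmdBuf);
	len = 0;
	if (decoded_len > 0)
	{
		decoded_authstring = ChrPtr(Imap->Cmd.CmdBuf);

		/* A negative return (truncated field) or a field that ends the
		 * decoded data must not be used to advance the pointer. */
		field_len = safestrncpy(ident, decoded_authstring, sizeof ident);
		if (field_len >= 0 && field_len + 1 < decoded_len)
		{
			decoded_authstring += field_len + 1;
			decoded_len -= field_len + 1;

			field_len = safestrncpy(user, decoded_authstring, sizeof user);
			if (field_len >= 0 && field_len + 1 < decoded_len)
			{
				decoded_authstring += field_len + 1;
				fields_ok = 1;

				len = safestrncpy(pass, decoded_authstring, sizeof pass);
				/* … unchanged: clamp len when pass was truncated … */
			}
		}
	}
	if (!fields_ok)
	{
		/* Malformed input: continue with empty credentials so the login fails. */
		ident[0] = user[0] = pass[0] = '\0';
		len = 0;
	}
```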
@@ -439,19 +439,30 @@ void smtp_get_pass(long offset, long Flags) void smtp_try_plain(long offset, long Flags) { citsmtp *sSMTP = SMTP; - char decoded_authstring[1024]; - char ident[256]; - char user[256]; - char pass[256]; + const char*decoded_authstring; + char ident[256] = ""; + char user[256] = ""; + char pass[256] = ""; int result; long len; - CtdlDecodeBase64(decoded_authstring, ChrPtr(sSMTP->Cmd), StrLength(sSMTP->Cmd)); - safestrncpy(ident, decoded_authstring, sizeof ident); - safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user); - len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass); - if (len == -1) - len = sizeof(pass) - 1; + len = StrBufDecodeBase64(sSMTP->Cmd); + if (len > 0) + { + decoded_authstring = ChrPtr(sSMTP->Cmd); + + len = safestrncpy(ident, decoded_authstring, sizeof ident); + + decoded_authstring += len + 1; + + len = safestrncpy(user, decoded_authstring, sizeof user); + + decoded_authstring += len + 1; + + len = safestrncpy(pass, decoded_authstring, sizeof pass); + if (len < 0) + len = sizeof(pass) - 1; + } sSMTP->command_state = smtp_command; diff --git a/citadel/modules/xmpp/xmpp_sasl_service.c b/citadel/modules/xmpp/xmpp_sasl_service.c index ba6dba137..5e53ceb4c 100644 --- a/citadel/modules/xmpp/xmpp_sasl_service.c +++ b/citadel/modules/xmpp/xmpp_sasl_service.c @@ -65,10 +65,11 @@ */ int xmpp_auth_plain(char *authstring) { - char decoded_authstring[1024]; - char ident[256]; - char user[256]; - char pass[256]; + StrBuf *AuthBuf; + const char *decoded_authstring; + char ident[256] = ""; + char user[256] = ""; + char pass[256] = ""; int result; long len; 
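Review bot: In smtp_try_plain, decoding in place with `len = StrBufDecodeBase64(sSMTP->Cmd);` leaves the plaintext ident, user and password in the session's command buffer after the fields have been copied out, whereas the removed code decoded into a local array. Whether anything later logs or reuses `sSMTP->Cmd` is not visible in this hunk, so clearing the buffer once `pass` has been filled would keep the credentials from outliving the parse. A comment such as `/* sSMTP->Cmd now holds the decoded credentials; clear it before returning */` would record the intent. The declaration `const char*decoded_authstring;` is also missing the space used in the other two files (`const char *decoded_authstring;`). The function body continues outside the hunk.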
@@ -76,12 +77,25 @@ int xmpp_auth_plain(char *authstring) /* Take apart the authentication string */ memset(pass, 0, sizeof(pass)); - CtdlDecodeBase64(decoded_authstring, authstring, strlen(authstring)); - safestrncpy(ident, decoded_authstring, sizeof ident); - safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user); - len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass); - if (len < 0) - len = -len; + AuthBuf = NewStrBufPlain(authstring, -1); + len = StrBufDecodeBase64(AuthBuf); + if (len > 0) + { + decoded_authstring = ChrPtr(AuthBuf); + + len = safestrncpy(ident, decoded_authstring, sizeof ident); + + decoded_authstring += len + 1; + + len = safestrncpy(user, decoded_authstring, sizeof user); + + decoded_authstring += len + 1; + + len = safestrncpy(pass, decoded_authstring, sizeof pass); + if (len < 0) + len = sizeof(pass) - 1; + } + FreeStrBuf(&AuthBuf); /* If there are underscores in either string, change them to spaces. Some clients * do not allow spaces so we can tell the user to substitute underscores if their -- 2.30.2
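Review bot: In xmpp_auth_plain the heap copy `AuthBuf` holds the decoded ident, user and password and is released with `FreeStrBuf(&AuthBuf);` without being overwritten first. If FreeStrBuf does not wipe its contents (not visible here), the plaintext password remains in freed heap memory. The context line `memset(pass, 0, sizeof(pass));` is now redundant, because the `= ""` initialisers added in the previous hunk already zero-fill the array. `len` carries the decode result and then three field lengths in turn, so a comment after the block such as `/* len: length of pass, clamped when truncated; decode result if decoding failed */` would make its later use easier to follow. The function continues outside the hunk.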