AUTH PLAIN: password length has to be its own variable, else it may contain invalid...
[citadel] / citadel / modules / smtp / serv_smtp.c
index fa40a7d..892d8e7 100644 (file)
@@ -447,6 +447,7 @@ void smtp_try_plain(long offset, long Flags)
 
        long decoded_len;
        long len = 0;
+       long plen = 0;
 
        memset(pass, 0, sizeof(pass));
        decoded_len = StrBufDecodeBase64(sSMTP->Cmd);
@@ -470,10 +471,10 @@ void smtp_try_plain(long offset, long Flags)
 
                if (decoded_len > 0)
                {
-                       len = safestrncpy(pass, decoded_authstring, sizeof pass);
+                       plen = safestrncpy(pass, decoded_authstring, sizeof pass);
 
-                       if (len < 0)
-                               len = sizeof(pass) - 1;
+                       if (plen < 0)
+                               plen = sizeof(pass) - 1;
                }
        }
 
@@ -487,7 +488,7 @@ void smtp_try_plain(long offset, long Flags)
        }
 
        if (result == login_ok) {
-               if (CtdlTryPassword(pass, len) == pass_ok) {
+               if (CtdlTryPassword(pass, plen) == pass_ok) {
                        smtp_webcit_preferences_hack();
                        smtp_auth_greeting(offset, Flags);
                        return;