Testsuite: tidying

[exim.git] / src / src / auths / get_data.c

diff --git a/src/src/auths/get_data.c b/src/src/auths/get_data.c
index 602a1181a38f7f3cb18c80e4253d1a73c5117128..0c9fb37fe8455b86d7e3e17dc2f7d0f878730710 100644 (file)
--- a/src/src/auths/get_data.c
+++ b/src/src/auths/get_data.c
@@ -2,9 +2,10 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
+/* Copyright (c) The Exim Maintainers 2020 - 2023 */
 /* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
 
 #include "../exim.h"
 
@@ -32,7 +33,7 @@ else
   uschar * clear, * end;
   int len;
 
-  if ((len = b64decode(data, &clear)) < 0) return BAD64;
+  if ((len = b64decode(data, &clear, GET_TAINTED)) < 0) return BAD64;
   DEBUG(D_auth) debug_printf("auth input decode:");
   for (end = clear + len; clear < end && expand_nmax < EXPAND_MAXN; )
     {
@@ -65,6 +66,10 @@ Arguments:
 Returns:      OK on success
               BAD64 if response too large for buffer
               CANCELLED if response is "*"
+
+NOTE: the data came from the wire so should be tainted - but
+big_buffer is not taint-tracked.  EVERY CALLER needs to apply
+tainting.
 */
 
 int
@@ -72,7 +77,7 @@ auth_get_data(uschar ** aptr, const uschar * challenge, int challen)
 {
 int c;
 int p = 0;
-smtp_printf("334 %s\r\n", FALSE, b64encode(challenge, challen));
+smtp_printf("334 %s\r\n", SP_NO_MORE, b64encode(challenge, challen));
 while ((c = receive_getc(GETC_BUFFER_UNLIMITED)) != '\n' && c != EOF)
   {
   if (p >= big_buffer_size - 1) return BAD64;
@@ -96,7 +101,7 @@ uschar * resp, * clear, * end;
 
 if ((rc = auth_get_data(&resp, challenge, Ustrlen(challenge))) != OK)
   return rc;
-if ((len = b64decode(resp, &clear)) < 0)
+if ((len = b64decode(resp, &clear, GET_TAINTED)) < 0)
   return BAD64;
 end = clear + len;
 
@@ -168,14 +173,20 @@ if (!ss)
 len = Ustrlen(ss);
 
 /* The character ^ is used as an escape for a binary zero character, which is
-needed for the PLAIN mechanism. It must be doubled if really needed. */
+needed for the PLAIN mechanism. It must be doubled if really needed.
+
+The parsing ambiguity of ^^^ is taken as ^^ -> ^ ; ^ -> NUL - and there is
+no way to get a leading ^ after a NUL.  We would need to intro new syntax to
+support that (probably preferring to take a more-standard exim list as a source
+and concat the elements with intervening NULs.  Either a magic marker on the
+source string for client_send, or a new option). */
 
 for (int i = 0; i < len; i++)
   if (ss[i] == '^')
     if (ss[i+1] != '^')
       ss[i] = 0;
     else
-      if (--len > ++i) memmove(ss + i, ss + i + 1, len - i);
+      if (--len > i+1) memmove(ss + i + 1, ss + i + 2, len - i);
 
 /* The first string is attached to the AUTH command; others are sent
 unembellished. */
@@ -221,7 +232,7 @@ if (flags & AUTH_ITEM_LAST)
 /* Now that we know we'll continue, we put the received data into $auth<n>,
 if possible. First, decode it: buffer+4 skips over the SMTP status code. */
 
-clear_len = b64decode(buffer+4, &clear);
+clear_len = b64decode(buffer+4, &clear, buffer+4);
 
 /* If decoding failed, the default is to terminate the authentication, and
 return FAIL, with the SMTP response still in the buffer. However, if client_