* Exim - an Internet mail transport agent *
*************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2024 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
#include "../exim.h"
uschar * clear, * end;
int len;
- if ((len = b64decode(data, &clear)) < 0) return BAD64;
+ if ((len = b64decode(data, &clear, GET_TAINTED)) < 0) return BAD64;
DEBUG(D_auth) debug_printf("auth input decode:");
for (end = clear + len; clear < end && expand_nmax < EXPAND_MAXN; )
{
* Issue a challenge and get a response *
*************************************************/
-/* This function is used by authentication drivers to output a challenge
-to the SMTP client and read the response line.
+/* This function is used by authentication drivers to b64-encode and
+output a challenge to the SMTP client, and read the response line.
Arguments:
aptr set to point to the response (which is in big_buffer)
- challenge the challenge text (unencoded, may be binary)
- challen the length of the challenge text
+ challenge the challenge data (unencoded, may be binary)
+ challen the length of the challenge data, in bytes
Returns: OK on success
BAD64 if response too large for buffer
CANCELLED if response is "*"
+
+NOTE: the data came from the wire so should be tainted - but
+big_buffer is not taint-tracked. EVERY CALLER needs to apply
+tainting.
*/
int
{
int c;
int p = 0;
-smtp_printf("334 %s\r\n", FALSE, b64encode(challenge, challen));
+smtp_printf("334 %s\r\n", SP_NO_MORE, b64encode(challenge, challen));
while ((c = receive_getc(GETC_BUFFER_UNLIMITED)) != '\n' && c != EOF)
{
if (p >= big_buffer_size - 1) return BAD64;
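Review bot: The added NOTE makes taint handling a duty of "EVERY CALLER", but it does not say how a caller is meant to discharge it, so a new caller can hand untainted wire data onward without anything failing. The comment should name the expected pattern, for example `Callers must decode or copy the response with GET_TAINTED, e.g. b64decode(resp, &clear, GET_TAINTED)`, which is what the other b64decode hunks in this change do. Since `*aptr` points into big_buffer, any caller that uses the response without decoding it has to copy it into tainted memory itself, and the comment should say that too. The function's signature and the rest of its body lie outside this hunk, so whether a caller-independent safeguard exists elsewhere is not visible here.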
if ((rc = auth_get_data(&resp, challenge, Ustrlen(challenge))) != OK)
return rc;
-if ((len = b64decode(resp, &clear)) < 0)
+if ((len = b64decode(resp, &clear, GET_TAINTED)) < 0)
return BAD64;
end = clear + len;
len = Ustrlen(ss);
/* The character ^ is used as an escape for a binary zero character, which is
-needed for the PLAIN mechanism. It must be doubled if really needed. */
+needed for the PLAIN mechanism. It must be doubled if really needed.
+
+The parsing ambiguity of ^^^ is taken as ^^ -> ^ ; ^ -> NUL - and there is
+no way to get a leading ^ after a NUL. We would need to intro new syntax to
+support that (probably preferring to take a more-standard exim list as a source
+and concat the elements with intervening NULs. Either a magic marker on the
+source string for client_send, or a new option). */
for (int i = 0; i < len; i++)
if (ss[i] == '^')
if (ss[i+1] != '^')
ss[i] = 0;
else
- {
- i++;
- len--;
- memmove(ss + i, ss + i + 1, len - i);
- }
+ if (--len > i+1) memmove(ss + i + 1, ss + i + 2, len - i);
/* The first string is attached to the AUTH command; others are sent
unembellished. */
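Review bot: In the `^^` branch, `if (--len > i+1) memmove(ss + i + 1, ss + i + 2, len - i);` hides the length decrement inside a condition and hangs off an unbraced nested `if`/`else`, which makes this escape handling hard to audit. The copy length `len - i` is one more than the number of bytes following the pair, so it also moves the terminator that `Ustrlen(ss)` found; that is worth a comment such as `/* len - i also moves the trailing NUL */`. When the pair ends the string, the guard skips the move and `ss[len]` still holds the second `^`, so later code that treats ss as a C string rather than using len would pick up that stale character. Dropping the guard (`len--; memmove(ss + i + 1, ss + i + 2, len - i);` inside braces) looks safe, because in that case the single byte moved is the terminator, and it keeps ss terminated at len. The code after the loop is outside the hunk, so whether it relies on len alone cannot be confirmed from here.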
has succeeded. There may be more data to send, but is there any point
in provoking an error here? */
-if (smtp_read_response(sx, US buffer, buffsize, '2', timeout))
+if (smtp_read_response(sx, buffer, buffsize, '2', timeout))
{
*inout = NULL;
return OK;
/* Now that we know we'll continue, we put the received data into $auth<n>,
if possible. First, decode it: buffer+4 skips over the SMTP status code. */
-clear_len = b64decode(buffer+4, &clear);
+clear_len = b64decode(buffer+4, &clear, buffer+4);
/* If decoding failed, the default is to terminate the authentication, and
return FAIL, with the SMTP response still in the buffer. However, if client_