Rework SPA fix to avoid overflows. Bug 2571
diff --git
a/src/src/auths/get_data.c
b/src/src/auths/get_data.c
index 37dcd37cc54a43ed6fe23780eb58df3ad46d822b..602a1181a38f7f3cb18c80e4253d1a73c5117128 100644
--- a/
src/src/auths/get_data.c
+++ b/
src/src/auths/get_data.c
@@
-3,6
+3,7
@@
*************************************************/
/* Copyright (c) University of Cambridge 1995 - 2018 */
*************************************************/
/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */
#include "../exim.h"
/* See the file NOTICE for conditions of use and distribution. */
#include "../exim.h"
@@
-53,13
+54,13
@@
return OK;
* Issue a challenge and get a response *
*************************************************/
* Issue a challenge and get a response *
*************************************************/
-/* This function is used by authentication drivers to
output a challenge
-
to the SMTP client
and read the response line.
+/* This function is used by authentication drivers to
b64-encode and
+
output a challenge to the SMTP client,
and read the response line.
Arguments:
aptr set to point to the response (which is in big_buffer)
Arguments:
aptr set to point to the response (which is in big_buffer)
- challenge the challenge
text
(unencoded, may be binary)
- challen the length of the challenge
text
+ challenge the challenge
data
(unencoded, may be binary)
+ challen the length of the challenge
data, in bytes
Returns: OK on success
BAD64 if response too large for buffer
Returns: OK on success
BAD64 if response too large for buffer
@@
-174,11
+175,7
@@
for (int i = 0; i < len; i++)
if (ss[i+1] != '^')
ss[i] = 0;
else
if (ss[i+1] != '^')
ss[i] = 0;
else
- {
- i++;
- len--;
- memmove(ss + i, ss + i + 1, len - i);
- }
+ if (--len > ++i) memmove(ss + i, ss + i + 1, len - i);
/* The first string is attached to the AUTH command; others are sent
unembellished. */
/* The first string is attached to the AUTH command; others are sent
unembellished. */
@@
-197,7
+194,7
@@
else
has succeeded. There may be more data to send, but is there any point
in provoking an error here? */
has succeeded. There may be more data to send, but is there any point
in provoking an error here? */
-if (smtp_read_response(sx,
US
buffer, buffsize, '2', timeout))
+if (smtp_read_response(sx, buffer, buffsize, '2', timeout))
{
*inout = NULL;
return OK;
{
*inout = NULL;
return OK;
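Review bot: The new guard `if (--len > ++i) memmove(ss + i, ss + i + 1, len - i);` in the `^^` branch of the third hunk changes both `len` and `i` inside the comparison, which makes the bound protecting the `memmove` length hard to audit. I would write it as `i++; len--;` followed by `if (len > i) memmove(ss + i, ss + i + 1, len - i);`, with a comment such as `/* len - i must stay positive: it is converted to size_t for memmove */`. Separately, the copy moves only `len - i` bytes, so it does not appear to bring the terminator down with the tail, and a later `ss[i+1]` test at the shortened end may then see a stale byte. That second point is inferred from the visible lines only, since the loop's outer test and the rest of the function lie outside the hunk. A regression test with consecutive `^` characters at the end of the string would confirm the resulting length and contents.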