X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f3ebb786e451da973560f1c9d8cdb151d25108b5..3857519629ca8fbcf3466c3fc761a5bb6ed32d53:/src/src/auths/cram_md5.c diff --git a/src/src/auths/cram_md5.c b/src/src/auths/cram_md5.c index a60db56e4..583080211 100644 --- a/src/src/auths/cram_md5.c +++ b/src/src/auths/cram_md5.c @@ -3,7 +3,9 @@ *************************************************/ /* Copyright (c) University of Cambridge 1995 - 2018 */ +/* Copyright (c) The Exim Maintainers 2020 */ /* See the file NOTICE for conditions of use and distribution. */ +/* SPDX-License-Identifier: GPL-2.0-or-later */ /* The stand-alone version just tests the algorithm. We have to drag @@ -25,11 +27,11 @@ program. */ optionlist auth_cram_md5_options[] = { { "client_name", opt_stringptr, - (void *)(offsetof(auth_cram_md5_options_block, client_name)) }, + OPT_OFF(auth_cram_md5_options_block, client_name) }, { "client_secret", opt_stringptr, - (void *)(offsetof(auth_cram_md5_options_block, client_secret)) }, + OPT_OFF(auth_cram_md5_options_block, client_secret) }, { "server_secret", opt_stringptr, - (void *)(offsetof(auth_cram_md5_options_block, server_secret)) } + OPT_OFF(auth_cram_md5_options_block, server_secret) } }; /* Size of the options list. An extern variable has to be used so that its @@ -161,13 +163,13 @@ md5_end(&base, md5secret, 16, digestptr); /* For interface, see auths/README */ int -auth_cram_md5_server(auth_instance *ablock, uschar *data) +auth_cram_md5_server(auth_instance * ablock, uschar * data) { -auth_cram_md5_options_block *ob = +auth_cram_md5_options_block * ob = (auth_cram_md5_options_block *)(ablock->options_block); -uschar *challenge = string_sprintf("<%d.%ld@%s>", getpid(), +uschar * challenge = string_sprintf("<%d.%ld@%s>", getpid(), (long int) time(NULL), primary_hostname); -uschar *clear, *secret; +uschar * clear, * secret; uschar digest[16]; int i, rc, len; @@ -179,12 +181,12 @@ if (f.running_in_test_harness) /* No data should have been sent with the AUTH command */ -if (*data != 0) return UNEXPECTED; +if (*data) return UNEXPECTED; /* Send the challenge, read the return */ if ((rc = auth_get_data(&data, challenge, Ustrlen(challenge))) != OK) return rc; -if ((len = b64decode(data, &clear)) < 0) return BAD64; +if ((len = b64decode(data, &clear, GET_TAINTED)) < 0) return BAD64; /* The return consists of a user name, space-separated from the CRAM-MD5 digest, expressed in hex. Extract the user name and put it in $auth1 and $1. @@ -192,7 +194,7 @@ The former is now the preferred variable; the latter is the original one. Then check that the remaining length is 32. */ auth_vars[0] = expand_nstring[1] = clear; -while (*clear != 0 && !isspace(*clear)) clear++; +while (*clear && !isspace(*clear)) clear++; if (!isspace(*clear)) return FAIL; *clear++ = 0; @@ -296,7 +298,7 @@ if (smtp_write_command(sx, SCMD_FLUSH, "AUTH %s\r\n", ablock->public_name) < 0) if (!smtp_read_response(sx, buffer, buffsize, '3', timeout)) return FAIL; -if (b64decode(buffer + 4, &challenge) < 0) +if (b64decode(buffer + 4, &challenge, buffer + 4) < 0) { string_format(buffer, buffsize, "bad base 64 string in challenge: %s", big_buffer + 4);