client_send = ^username^mysecret
.endd
The lack of colons means that the entire text is sent with the AUTH
-command, with the circumflex characters converted to NULs. A similar example
+command, with the circumflex characters converted to NULs.
+.new
+Note that due to the ambiguity of parsing three consectutive circumflex characters
+there is no way to provide a password having a leading circumflex.
+.wen
+
+
+A similar example
that uses the LOGIN mechanism is:
.code
fixed_login:
JH/35 Bug 2343: Harden exim_tidydb against corrupt wait- files.
+JH/36 Bug 2687: Fix interpretation of multiple ^ chars in a plaintext
+ authenticator client_send option. Previously the next char, after a pair
+ was collapsed, was taken verbatim (so ^^^foo became ^^foo; ^^^^foo became
+ ^^\x00foo). Fixed to get ^\x00foo and ^^foo respectively to match the
+ documentation. There is still no way to get a leading ^ immediately
+ after a NUL (ie. for the password of a PLAIN method authenticator.
+
Exim version 4.94
-----------------
len = Ustrlen(ss);
/* The character ^ is used as an escape for a binary zero character, which is
-needed for the PLAIN mechanism. It must be doubled if really needed. */
+needed for the PLAIN mechanism. It must be doubled if really needed.
+
+The parsing ambiguity of ^^^ is taken as ^^ -> ^ ; ^ -> NUL - and there is
+no way to get a leading ^ after a NUL. We would need to intro new syntax to
+support that (probably preferring to take a more-standard exim list as a source
+and concat the elements with intervening NULs. Either a magic marker on the
+source string for client_send, or a new option). */
for (int i = 0; i < len; i++)
if (ss[i] == '^')
if (ss[i+1] != '^')
ss[i] = 0;
else
- if (--len > ++i) memmove(ss + i, ss + i + 1, len - i);
+ if (--len > i+1) memmove(ss + i + 1, ss + i + 2, len - i);
/* The first string is attached to the AUTH command; others are sent
unembellished. */
git://git.exim.org / exim.git / commitdiff