diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-07-31 18:07:20 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-07-31 18:07:20 +0200 |
| commit | 3550bc494d8fe51e8830929a4f543931030aaab0 (patch) | |
| tree | 5a0fb77d9c2005928a97eba0747e8ebbf607318f /mailutils/sendmail.c | |
| parent | 884ea1c172f022c362a3d99b11dbd2f2443ab786 (diff) | |
| download | busybox-w32-3550bc494d8fe51e8830929a4f543931030aaab0.tar.gz busybox-w32-3550bc494d8fe51e8830929a4f543931030aaab0.tar.bz2 busybox-w32-3550bc494d8fe51e8830929a4f543931030aaab0.zip | |
sendmail: use on-stack buffer for AUTH PLAIN
function old new delta
sendmail_main 1335 1307 -28
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'mailutils/sendmail.c')
| -rw-r--r-- | mailutils/sendmail.c | 38 |
1 files changed, 27 insertions, 11 deletions
diff --git a/mailutils/sendmail.c b/mailutils/sendmail.c index 7a4afb835..32c50ba84 100644 --- a/mailutils/sendmail.c +++ b/mailutils/sendmail.c | |||
| @@ -361,19 +361,35 @@ int sendmail_main(int argc UNUSED_PARAM, char **argv) | |||
| 361 | if (!G.user || !G.pass) | 361 | if (!G.user || !G.pass) |
| 362 | get_cred_or_die(4); | 362 | get_cred_or_die(4); |
| 363 | if (opts & OPT_am_plain) { | 363 | if (opts & OPT_am_plain) { |
| 364 | char *plain_auth; | 364 | // C: AUTH PLAIN |
| 365 | size_t user_len, pass_len; | 365 | // S: 334 |
| 366 | user_len = strlen(G.user); | 366 | // C: base64encoded(auth<NUL>user<NUL>pass) |
| 367 | pass_len = strlen(G.pass); | 367 | // S: 235 2.7.0 Authentication successful |
| 368 | //Note: a shorter format is allowed: | ||
| 369 | // C: AUTH PLAIN base64encoded(auth<NUL>user<NUL>pass) | ||
| 370 | // S: 235 2.7.0 Authentication successful | ||
| 368 | smtp_check("AUTH PLAIN", 334); | 371 | smtp_check("AUTH PLAIN", 334); |
| 369 | // use \1 as placeholders for \0 (format string is NUL-terminated) | 372 | { |
| 370 | plain_auth = xasprintf("\1%s\1%s", G.user, G.pass); | 373 | unsigned user_len = strlen(G.user); |
| 371 | // substitute placeholders | 374 | unsigned pass_len = strlen(G.pass); |
| 372 | plain_auth[0] = '\0'; | 375 | unsigned sz = 1 + user_len + 1 + pass_len; |
| 373 | plain_auth[1 + user_len] = '\0'; | 376 | char plain_auth[sz + 1]; |
| 374 | printbuf_base64(plain_auth, 1 + user_len + 1 + pass_len); | 377 | // the format is: |
| 375 | free(plain_auth); | 378 | // "authorization identity<NUL>username<NUL>password" |
| 379 | // authorization identity is empty. | ||
| 380 | plain_auth[0] = '\0'; | ||
| 381 | strcpy(stpcpy(plain_auth + 1, G.user) + 1, G.pass); | ||
| 382 | printbuf_base64(plain_auth, sz); | ||
| 383 | } | ||
| 376 | } else { | 384 | } else { |
| 385 | // C: AUTH LOGIN | ||
| 386 | // S: 334 VXNlcm5hbWU6 | ||
| 387 | // ^^^^^^^^^^^^ server says "Username:" | ||
| 388 | // C: base64encoded(user) | ||
| 389 | // S: 334 UGFzc3dvcmQ6 | ||
| 390 | // ^^^^^^^^^^^^ server says "Password:" | ||
| 391 | // C: base64encoded(pass) | ||
| 392 | // S: 235 2.7.0 Authentication successful | ||
| 377 | smtp_check("AUTH LOGIN", 334); | 393 | smtp_check("AUTH LOGIN", 334); |
| 378 | printstr_base64(G.user); | 394 | printstr_base64(G.user); |
| 379 | smtp_check("", 334); | 395 | smtp_check("", 334); |