[dovecot-cvs] dovecot/src/auth mech-cram-md5.c,1.1,1.2
cras at procontrol.fi
cras at procontrol.fi
Mon Nov 10 23:44:56 EET 2003
Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv6805
Modified Files:
mech-cram-md5.c
Log Message:
Don't treat data as NUL-terminated string.
Index: mech-cram-md5.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/mech-cram-md5.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- mech-cram-md5.c 10 Nov 2003 20:36:02 -0000 1.1
+++ mech-cram-md5.c 10 Nov 2003 21:44:54 -0000 1.2
@@ -103,25 +103,27 @@
}
static int parse_cram_response(struct cram_auth_request *auth,
- const char *data, const char **error)
+ const unsigned char *data, size_t size,
+ const char **error_r)
{
- char *digest;
- int failed;
+ size_t i;
- *error = NULL;
- failed = FALSE;
+ *error_r = NULL;
- digest = strchr(data, ' ');
- if (digest != NULL) {
- auth->username = p_strdup_until(auth->pool, data, digest);
- digest++;
- auth->response = p_strdup(auth->pool, digest);
- } else {
- *error = "missing digest";
- failed = TRUE;
+ for (i = 0; i < size; i++) {
+ if (data[i] == ' ')
+ break;
}
- return !failed;
+ if (i == size) {
+ *error_r = "missing digest";
+ return FALSE;
+ }
+
+ auth->username = p_strndup(auth->pool, data, i);
+ i++;
+ auth->response = p_strndup(auth->pool, data + i, size - i);
+ return TRUE;
}
static void credentials_callback(const char *result,
@@ -147,18 +149,15 @@
static int
mech_cram_md5_auth_continue(struct auth_request *auth_request,
- struct auth_client_request_continue *request,
- const unsigned char *data,
- mech_callback_t *callback)
+ struct auth_client_request_continue *request __attr_unused__,
+ const unsigned char *data,
+ mech_callback_t *callback)
{
struct cram_auth_request *auth =
(struct cram_auth_request *)auth_request;
const char *error;
- /* unused */
- (void)request;
-
- if (parse_cram_response(auth, (const char *) data, &error)) {
+ if (parse_cram_response(auth, data, request->data_size, &error)) {
auth_request->callback = callback;
auth_request->user =
More information about the dovecot-cvs
mailing list