sendmail: use on-stack buffer for AUTH PLAIN
function old new delta sendmail_main 1335 1307 -28 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
parent
884ea1c172
commit
3550bc494d
@ -361,19 +361,35 @@ int sendmail_main(int argc UNUSED_PARAM, char **argv)
|
||||
if (!G.user || !G.pass)
|
||||
get_cred_or_die(4);
|
||||
if (opts & OPT_am_plain) {
|
||||
char *plain_auth;
|
||||
size_t user_len, pass_len;
|
||||
user_len = strlen(G.user);
|
||||
pass_len = strlen(G.pass);
|
||||
// C: AUTH PLAIN
|
||||
// S: 334
|
||||
// C: base64encoded(auth<NUL>user<NUL>pass)
|
||||
// S: 235 2.7.0 Authentication successful
|
||||
//Note: a shorter format is allowed:
|
||||
// C: AUTH PLAIN base64encoded(auth<NUL>user<NUL>pass)
|
||||
// S: 235 2.7.0 Authentication successful
|
||||
smtp_check("AUTH PLAIN", 334);
|
||||
// use \1 as placeholders for \0 (format string is NUL-terminated)
|
||||
plain_auth = xasprintf("\1%s\1%s", G.user, G.pass);
|
||||
// substitute placeholders
|
||||
plain_auth[0] = '\0';
|
||||
plain_auth[1 + user_len] = '\0';
|
||||
printbuf_base64(plain_auth, 1 + user_len + 1 + pass_len);
|
||||
free(plain_auth);
|
||||
{
|
||||
unsigned user_len = strlen(G.user);
|
||||
unsigned pass_len = strlen(G.pass);
|
||||
unsigned sz = 1 + user_len + 1 + pass_len;
|
||||
char plain_auth[sz + 1];
|
||||
// the format is:
|
||||
// "authorization identity<NUL>username<NUL>password"
|
||||
// authorization identity is empty.
|
||||
plain_auth[0] = '\0';
|
||||
strcpy(stpcpy(plain_auth + 1, G.user) + 1, G.pass);
|
||||
printbuf_base64(plain_auth, sz);
|
||||
}
|
||||
} else {
|
||||
// C: AUTH LOGIN
|
||||
// S: 334 VXNlcm5hbWU6
|
||||
// ^^^^^^^^^^^^ server says "Username:"
|
||||
// C: base64encoded(user)
|
||||
// S: 334 UGFzc3dvcmQ6
|
||||
// ^^^^^^^^^^^^ server says "Password:"
|
||||
// C: base64encoded(pass)
|
||||
// S: 235 2.7.0 Authentication successful
|
||||
smtp_check("AUTH LOGIN", 334);
|
||||
printstr_base64(G.user);
|
||||
smtp_check("", 334);
|
||||
|
Loading…
Reference in New Issue
Block a user