diff options
author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-07-31 18:07:20 +0200 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-07-31 18:07:20 +0200 |
commit | 3550bc494d8fe51e8830929a4f543931030aaab0 (patch) | |
tree | 5a0fb77d9c2005928a97eba0747e8ebbf607318f | |
parent | 884ea1c172f022c362a3d99b11dbd2f2443ab786 (diff) | |
download | busybox-3550bc494d8fe51e8830929a4f543931030aaab0.tar.gz |
sendmail: use on-stack buffer for AUTH PLAIN
function old new delta
sendmail_main 1335 1307 -28
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | mailutils/sendmail.c | 38 |
1 files changed, 27 insertions, 11 deletions
diff --git a/mailutils/sendmail.c b/mailutils/sendmail.c index 7a4afb835..32c50ba84 100644 --- a/mailutils/sendmail.c +++ b/mailutils/sendmail.c @@ -361,19 +361,35 @@ int sendmail_main(int argc UNUSED_PARAM, char **argv) if (!G.user || !G.pass) get_cred_or_die(4); if (opts & OPT_am_plain) { - char *plain_auth; - size_t user_len, pass_len; - user_len = strlen(G.user); - pass_len = strlen(G.pass); + // C: AUTH PLAIN + // S: 334 + // C: base64encoded(auth<NUL>user<NUL>pass) + // S: 235 2.7.0 Authentication successful +//Note: a shorter format is allowed: +// C: AUTH PLAIN base64encoded(auth<NUL>user<NUL>pass) +// S: 235 2.7.0 Authentication successful smtp_check("AUTH PLAIN", 334); - // use \1 as placeholders for \0 (format string is NUL-terminated) - plain_auth = xasprintf("\1%s\1%s", G.user, G.pass); - // substitute placeholders - plain_auth[0] = '\0'; - plain_auth[1 + user_len] = '\0'; - printbuf_base64(plain_auth, 1 + user_len + 1 + pass_len); - free(plain_auth); + { + unsigned user_len = strlen(G.user); + unsigned pass_len = strlen(G.pass); + unsigned sz = 1 + user_len + 1 + pass_len; + char plain_auth[sz + 1]; + // the format is: + // "authorization identity<NUL>username<NUL>password" + // authorization identity is empty. + plain_auth[0] = '\0'; + strcpy(stpcpy(plain_auth + 1, G.user) + 1, G.pass); + printbuf_base64(plain_auth, sz); + } } else { + // C: AUTH LOGIN + // S: 334 VXNlcm5hbWU6 + // ^^^^^^^^^^^^ server says "Username:" + // C: base64encoded(user) + // S: 334 UGFzc3dvcmQ6 + // ^^^^^^^^^^^^ server says "Password:" + // C: base64encoded(pass) + // S: 235 2.7.0 Authentication successful smtp_check("AUTH LOGIN", 334); printstr_base64(G.user); smtp_check("", 334); |