From 3550bc494d8fe51e8830929a4f543931030aaab0 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Tue, 31 Jul 2018 18:07:20 +0200 Subject: sendmail: use on-stack buffer for AUTH PLAIN function old new delta sendmail_main 1335 1307 -28 Signed-off-by: Denys Vlasenko --- mailutils/sendmail.c | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) (limited to 'mailutils') diff --git a/mailutils/sendmail.c b/mailutils/sendmail.c index 7a4afb8..32c50ba 100644 --- a/mailutils/sendmail.c +++ b/mailutils/sendmail.c @@ -361,19 +361,35 @@ int sendmail_main(int argc UNUSED_PARAM, char **argv) if (!G.user || !G.pass) get_cred_or_die(4); if (opts & OPT_am_plain) { - char *plain_auth; - size_t user_len, pass_len; - user_len = strlen(G.user); - pass_len = strlen(G.pass); + // C: AUTH PLAIN + // S: 334 + // C: base64encoded(authuserpass) + // S: 235 2.7.0 Authentication successful +//Note: a shorter format is allowed: +// C: AUTH PLAIN base64encoded(authuserpass) +// S: 235 2.7.0 Authentication successful smtp_check("AUTH PLAIN", 334); - // use \1 as placeholders for \0 (format string is NUL-terminated) - plain_auth = xasprintf("\1%s\1%s", G.user, G.pass); - // substitute placeholders - plain_auth[0] = '\0'; - plain_auth[1 + user_len] = '\0'; - printbuf_base64(plain_auth, 1 + user_len + 1 + pass_len); - free(plain_auth); + { + unsigned user_len = strlen(G.user); + unsigned pass_len = strlen(G.pass); + unsigned sz = 1 + user_len + 1 + pass_len; + char plain_auth[sz + 1]; + // the format is: + // "authorization identityusernamepassword" + // authorization identity is empty. + plain_auth[0] = '\0'; + strcpy(stpcpy(plain_auth + 1, G.user) + 1, G.pass); + printbuf_base64(plain_auth, sz); + } } else { + // C: AUTH LOGIN + // S: 334 VXNlcm5hbWU6 + // ^^^^^^^^^^^^ server says "Username:" + // C: base64encoded(user) + // S: 334 UGFzc3dvcmQ6 + // ^^^^^^^^^^^^ server says "Password:" + // C: base64encoded(pass) + // S: 235 2.7.0 Authentication successful smtp_check("AUTH LOGIN", 334); printstr_base64(G.user); smtp_check("", 334); -- cgit v1.1