pop3d: bugfixes.
* pop3d/apop.c (pop3d_apopuser, pop3d_apopuser): Remove statically allocated buffers. * pop3d/pop3d.c (pop3d_mainloop): Likewise. * pop3d/user.c (pop3d_begin_session): Likewise.
Showing
3 changed files
with
12 additions
and
33 deletions
| ... | @@ -60,7 +60,7 @@ pop3d_apopuser (const char *user) | ... | @@ -60,7 +60,7 @@ pop3d_apopuser (const char *user) |
| 60 | memset (&key, 0, sizeof key); | 60 | memset (&key, 0, sizeof key); |
| 61 | memset (&data, 0, sizeof data); | 61 | memset (&data, 0, sizeof data); |
| 62 | 62 | ||
| 63 | MU_DATUM_PTR (key) = user; | 63 | MU_DATUM_PTR (key) = (void*) user; |
| 64 | MU_DATUM_SIZE (key) = strlen (user); | 64 | MU_DATUM_SIZE (key) = strlen (user); |
| 65 | 65 | ||
| 66 | rc = mu_dbm_fetch (db, key, &data); | 66 | rc = mu_dbm_fetch (db, key, &data); |
| ... | @@ -134,10 +134,11 @@ pop3d_apopuser (const char *user) | ... | @@ -134,10 +134,11 @@ pop3d_apopuser (const char *user) |
| 134 | int | 134 | int |
| 135 | pop3d_apop (char *arg) | 135 | pop3d_apop (char *arg) |
| 136 | { | 136 | { |
| 137 | char *tmp, *password, *user_digest, *user; | 137 | char *p, *password, *user_digest, *user; |
| 138 | char buf[POP_MAXCMDLEN]; | ||
| 139 | struct mu_md5_ctx md5context; | 138 | struct mu_md5_ctx md5context; |
| 140 | unsigned char md5digest[16]; | 139 | unsigned char md5digest[16]; |
| 140 | char buf[2 * 16 + 1]; | ||
| 141 | size_t i; | ||
| 141 | 142 | ||
| 142 | if (state != AUTHORIZATION) | 143 | if (state != AUTHORIZATION) |
| 143 | return ERR_WRONG_STATE; | 144 | return ERR_WRONG_STATE; |
| ... | @@ -146,11 +147,6 @@ pop3d_apop (char *arg) | ... | @@ -146,11 +147,6 @@ pop3d_apop (char *arg) |
| 146 | return ERR_BAD_ARGS; | 147 | return ERR_BAD_ARGS; |
| 147 | 148 | ||
| 148 | pop3d_parse_command (arg, &user, &user_digest); | 149 | pop3d_parse_command (arg, &user, &user_digest); |
| 149 | if (strlen (user) > (POP_MAXCMDLEN - APOP_DIGEST)) | ||
| 150 | { | ||
| 151 | mu_diag_output (MU_DIAG_INFO, _("user name too long: %s"), user); | ||
| 152 | return ERR_BAD_ARGS; | ||
| 153 | } | ||
| 154 | 150 | ||
| 155 | password = pop3d_apopuser (user); | 151 | password = pop3d_apopuser (user); |
| 156 | if (password == NULL) | 152 | if (password == NULL) |
| ... | @@ -167,14 +163,9 @@ pop3d_apop (char *arg) | ... | @@ -167,14 +163,9 @@ pop3d_apop (char *arg) |
| 167 | free (password); | 163 | free (password); |
| 168 | mu_md5_finish_ctx (&md5context, md5digest); | 164 | mu_md5_finish_ctx (&md5context, md5digest); |
| 169 | 165 | ||
| 170 | { | 166 | for (i = 0, p = buf; i < 16; i++, p += 2) |
| 171 | int i; | 167 | sprintf (p, "%02x", md5digest[i]); |
| 172 | tmp = buf; | 168 | *p = 0; |
| 173 | for (i = 0; i < 16; i++, tmp += 2) | ||
| 174 | sprintf (tmp, "%02x", md5digest[i]); | ||
| 175 | } | ||
| 176 | |||
| 177 | *tmp++ = '\0'; | ||
| 178 | 169 | ||
| 179 | if (strcmp (user_digest, buf)) | 170 | if (strcmp (user_digest, buf)) |
| 180 | { | 171 | { | ... | ... |
| ... | @@ -276,11 +276,7 @@ pop3d_mainloop (int fd, FILE *infile, FILE *outfile) | ... | @@ -276,11 +276,7 @@ pop3d_mainloop (int fd, FILE *infile, FILE *outfile) |
| 276 | /* Refresh the Lock. */ | 276 | /* Refresh the Lock. */ |
| 277 | pop3d_touchlock (); | 277 | pop3d_touchlock (); |
| 278 | 278 | ||
| 279 | if (strlen (arg) > POP_MAXCMDLEN || strlen (cmd) > POP_MAXCMDLEN) | 279 | if ((handler = pop3d_find_command (cmd)) != NULL) |
| 280 | status = ERR_TOO_LONG; | ||
| 281 | else if (strlen (cmd) > 4) | ||
| 282 | status = ERR_BAD_CMD; | ||
| 283 | else if ((handler = pop3d_find_command (cmd)) != NULL) | ||
| 284 | status = handler (arg); | 280 | status = handler (arg); |
| 285 | else | 281 | else |
| 286 | status = ERR_BAD_CMD; | 282 | status = ERR_BAD_CMD; | ... | ... |
| ... | @@ -89,7 +89,7 @@ pop3d_begin_session () | ... | @@ -89,7 +89,7 @@ pop3d_begin_session () |
| 89 | int | 89 | int |
| 90 | pop3d_user (char *arg) | 90 | pop3d_user (char *arg) |
| 91 | { | 91 | { |
| 92 | char *buf, pass[POP_MAXCMDLEN], *tmp, *cmd; | 92 | char *buf, *pass, *cmd; |
| 93 | char buffer[512]; | 93 | char buffer[512]; |
| 94 | 94 | ||
| 95 | if (state != AUTHORIZATION) | 95 | if (state != AUTHORIZATION) |
| ... | @@ -102,16 +102,7 @@ pop3d_user (char *arg) | ... | @@ -102,16 +102,7 @@ pop3d_user (char *arg) |
| 102 | pop3d_flush_output (); | 102 | pop3d_flush_output (); |
| 103 | 103 | ||
| 104 | buf = pop3d_readline (buffer, sizeof (buffer)); | 104 | buf = pop3d_readline (buffer, sizeof (buffer)); |
| 105 | pop3d_parse_command (buf, &cmd, &tmp); | 105 | pop3d_parse_command (buf, &cmd, &pass); |
| 106 | |||
| 107 | if (strlen (tmp) > POP_MAXCMDLEN) | ||
| 108 | return ERR_TOO_LONG; | ||
| 109 | else | ||
| 110 | { | ||
| 111 | strncpy (pass, tmp, POP_MAXCMDLEN); | ||
| 112 | /* strncpy () is lame, make sure the string is null terminated. */ | ||
| 113 | pass[POP_MAXCMDLEN - 1] = '\0'; | ||
| 114 | } | ||
| 115 | 106 | ||
| 116 | if (mu_c_strcasecmp (cmd, "PASS") == 0) | 107 | if (mu_c_strcasecmp (cmd, "PASS") == 0) |
| 117 | { | 108 | { |
| ... | @@ -122,7 +113,8 @@ pop3d_user (char *arg) | ... | @@ -122,7 +113,8 @@ pop3d_user (char *arg) |
| 122 | tmp = pop3d_apopuser (arg); | 113 | tmp = pop3d_apopuser (arg); |
| 123 | if (tmp != NULL) | 114 | if (tmp != NULL) |
| 124 | { | 115 | { |
| 125 | mu_diag_output (MU_DIAG_INFO, _("APOP user %s tried to log in with USER"), arg); | 116 | mu_diag_output (MU_DIAG_INFO, |
| 117 | _("APOP user %s tried to log in with USER"), arg); | ||
| 126 | return ERR_BAD_LOGIN; | 118 | return ERR_BAD_LOGIN; |
| 127 | } | 119 | } |
| 128 | #endif | 120 | #endif | ... | ... |
-
Please register or sign in to post a comment