summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2018-07-31 18:07:20 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2018-07-31 18:07:20 +0200
commit3550bc494d8fe51e8830929a4f543931030aaab0 (patch)
tree5a0fb77d9c2005928a97eba0747e8ebbf607318f
parent884ea1c172f022c362a3d99b11dbd2f2443ab786 (diff)
sendmail: use on-stack buffer for AUTH PLAIN
function old new delta sendmail_main 1335 1307 -28 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--mailutils/sendmail.c38
1 files changed, 27 insertions, 11 deletions
diff --git a/mailutils/sendmail.c b/mailutils/sendmail.c
index 7a4afb835..32c50ba84 100644
--- a/mailutils/sendmail.c
+++ b/mailutils/sendmail.c
@@ -361,19 +361,35 @@ int sendmail_main(int argc UNUSED_PARAM, char **argv)
if (!G.user || !G.pass)
get_cred_or_die(4);
if (opts & OPT_am_plain) {
- char *plain_auth;
- size_t user_len, pass_len;
- user_len = strlen(G.user);
- pass_len = strlen(G.pass);
+ // C: AUTH PLAIN
+ // S: 334
+ // C: base64encoded(auth<NUL>user<NUL>pass)
+ // S: 235 2.7.0 Authentication successful
+//Note: a shorter format is allowed:
+// C: AUTH PLAIN base64encoded(auth<NUL>user<NUL>pass)
+// S: 235 2.7.0 Authentication successful
smtp_check("AUTH PLAIN", 334);
- // use \1 as placeholders for \0 (format string is NUL-terminated)
- plain_auth = xasprintf("\1%s\1%s", G.user, G.pass);
- // substitute placeholders
- plain_auth[0] = '\0';
- plain_auth[1 + user_len] = '\0';
- printbuf_base64(plain_auth, 1 + user_len + 1 + pass_len);
- free(plain_auth);
+ {
+ unsigned user_len = strlen(G.user);
+ unsigned pass_len = strlen(G.pass);
+ unsigned sz = 1 + user_len + 1 + pass_len;
+ char plain_auth[sz + 1];
+ // the format is:
+ // "authorization identity<NUL>username<NUL>password"
+ // authorization identity is empty.
+ plain_auth[0] = '\0';
+ strcpy(stpcpy(plain_auth + 1, G.user) + 1, G.pass);
+ printbuf_base64(plain_auth, sz);
+ }
} else {
+ // C: AUTH LOGIN
+ // S: 334 VXNlcm5hbWU6
+ // ^^^^^^^^^^^^ server says "Username:"
+ // C: base64encoded(user)
+ // S: 334 UGFzc3dvcmQ6
+ // ^^^^^^^^^^^^ server says "Password:"
+ // C: base64encoded(pass)
+ // S: 235 2.7.0 Authentication successful
smtp_check("AUTH LOGIN", 334);
printstr_base64(G.user);
smtp_check("", 334);