diff options
Diffstat (limited to 'usr.sbin/smtpd/smtpd.c')
-rw-r--r-- | usr.sbin/smtpd/smtpd.c | 40 |
1 files changed, 29 insertions, 11 deletions
diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c index 7328e0a4707..32b0bc942b7 100644 --- a/usr.sbin/smtpd/smtpd.c +++ b/usr.sbin/smtpd/smtpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpd.c,v 1.51 2009/03/29 14:18:20 jacekm Exp $ */ +/* $OpenBSD: smtpd.c,v 1.52 2009/04/03 05:20:17 oga Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org> @@ -451,22 +451,40 @@ parent_dispatch_smtp(int fd, short event, void *p) case IMSG_PARENT_AUTHENTICATE: { struct session_auth_req *req; struct session_auth_reply reply; - u_int8_t buffer[1024]; - char *pw_name; - char *pw_passwd; + char buf[1024]; + char *user; + char *pass; + int len; req = (struct session_auth_req *)imsg.data; reply.session_id = req->session_id; reply.value = 0; - if (kn_decode_base64(req->buffer, buffer, sizeof(buffer)) != -1) { - pw_name = buffer+1; - pw_passwd = pw_name+strlen(pw_name)+1; - - if (auth_userokay(pw_name, NULL, "auth-smtp", pw_passwd)) - reply.value = 1; - } + /* String is not NUL terminated, leave room. */ + if ((len = kn_decode_base64(req->buffer, buf, + sizeof(buf) - 1)) == -1) + goto out; + /* buf is a byte string, NUL terminate. */ + buf[len] = '\0'; + + /* + * Skip "foo" in "foo\0user\0pass", if present. + */ + user = memchr(buf, '\0', len); + if (user == NULL || user >= buf + len - 2) + goto out; + user++; /* skip NUL */ + + pass = memchr(user, '\0', len - (user - buf)); + if (pass == NULL || pass >= buf + len - 2) + goto out; + pass++; /* skip NUL */ + + if (auth_userokay(user, NULL, "auth-smtp", pass)) + reply.value = 1; + +out: imsg_compose(ibuf, IMSG_PARENT_AUTHENTICATE, 0, 0, -1, &reply, sizeof(reply)); |