Unity-Technologies
/
curl
зеркало из https://github.com/Unity-Technologies/curl.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

pop3: Fixed an issue with changes introduced in commit c267c53017 

Because pop3_endofresp() is called for each line of data yet is not
passed the line and line length, so we have to use the data pointed to
by pp->linestart_resp which contains the whole packet, the mechanisms
were being detected in one call yet the function would be called for
each line of data.

Using curl with verbose mode enabled would show that one line of data
would be received in response to the AUTH command, before the AUTH
<mechanism> command was sent to the server and then the next few lines
of the original AUTH command would be displayed before the response from
the AUTH <mechanism> command. This would then cause problems when
parsing the CRAM-MD5 challenge data as extra data was contained in the
buffer.

Changed the parsing so that each line is checked for the mechanisms
and the function returns FALSE until the whole of the AUTH response has
been processed.
This commit is contained in:
Steve Holme 2012-06-03 17:06:48 +01:00
Родитель 69f01ec2d1
Коммит b5bb61ee69
1 изменённых файлов: 38 добавлений и 13 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

51
lib/pop3.c
Просмотреть файл

@ -216,38 +216,56 @@ static const struct Curl_handler Curl_handler_pop3s_proxy = {
static int pop3_endofresp(struct pingpong *pp, int *resp)
{
char *line = pp->linestart_resp;
size_t len = pp->nread_resp;
size_t len = strlen(pp->linestart_resp);
struct connectdata *conn = pp->conn;
struct pop3_conn *pop3c = &conn->proto.pop3c;
size_t wordlen;
if((len < 1 || memcmp("+", line, 1)) &&
(len < 3 || memcmp("+OK", line, 3)) &&
(len < 4 || memcmp("-ERR", line, 4)))
return FALSE; /* Nothing for us */
/* Do we have an error response? */
if(len >= 4 && !memcmp("-ERR", line, 4)) {
*resp = '-';
*resp = line[0]; /* + or - */
return FALSE;
}
if(pop3c->state == POP3_AUTH && len >= 3 && !memcmp(line, "+OK", 3)) {
line += 3;
len -= 3;
/* Are we processing reponses to our AUTH command */
if(pop3c->state == POP3_AUTH) {
/* Advance past our positive response if necessary */
if(len >= 3 && !memcmp(line, "+OK", 3)) {
line += 3;
len -= 3;
}
/* Loop through the data line */
for(;;) {
while(len &&
(*line == ' ' || *line == '\t' ||
*line == '\r' || *line == '\n')) {
if(*line == '\n')
return FALSE;
line++;
len--;
}
if(!len || *line == '.')
if(!len)
break;
/* Until we receive the terminating character */
if(*line == '.') {
*resp = '+';
return TRUE;
}
/* Extract the word */
for(wordlen = 0; wordlen < len && line[wordlen] != ' ' &&
line[wordlen] != '\t' && line[wordlen] != '\r' &&
line[wordlen] != '\n';)
wordlen++;
/* Test the word for a matching authentication mechanism */
if(wordlen == 5 && !memcmp(line, "LOGIN", 5))
pop3c->authmechs |= SASL_AUTH_LOGIN;
else if(wordlen == 5 && !memcmp(line, "PLAIN", 5))
@ -268,6 +286,13 @@ static int pop3_endofresp(struct pingpong *pp, int *resp)
}
}
if((len < 1 || memcmp("+", line, 1)) &&
(len < 3 || memcmp("+OK", line, 3)))
return FALSE; /* Nothing for us */
/* Otherwise it's a positive response */
*resp = '+';
return TRUE;
}
@ -500,7 +525,7 @@ static CURLcode pop3_state_auth_plain_resp(struct connectdata *conn,
result = CURLE_LOGIN_DENIED;
}
else {
result = Curl_sasl_create_plain_message(conn->data, conn->user,
result = Curl_sasl_create_plain_message(data, conn->user,
conn->passwd, &plainauth, &len);
if(!result) {
@ -534,7 +559,7 @@ static CURLcode pop3_state_auth_login_resp(struct connectdata *conn,
result = CURLE_LOGIN_DENIED;
}
else {
result = Curl_sasl_create_login_message(conn->data, conn->user,
result = Curl_sasl_create_login_message(data, conn->user,
&authuser, &len);
if(!result) {
@ -568,7 +593,7 @@ static CURLcode pop3_state_auth_login_password_resp(struct connectdata *conn,
result = CURLE_LOGIN_DENIED;
}
else {
result = Curl_sasl_create_login_message(conn->data, conn->passwd,
result = Curl_sasl_create_login_message(data, conn->passwd,
&authpasswd, &len);
if(!result) {