summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2017-12-01 00:45:46 +0100
committerDaniel Stenberg <daniel@haxx.se>2017-12-05 08:15:23 +0100
commit7eb6e080fcbd891d34b2b3353dc2e3f07c8bc35d (patch)
treeed060508a315f6ca306a6d1ab492b6687f8f3f40
parent4401409468f590520dd5d0f0a55607eefa5ff4c1 (diff)
downloadcurl-bagder/pop3_get_message.tar.gz
sasl_getmesssage: make sure we have a long enough string to passbagder/pop3_get_message
For pop3/imap/smtp, added test 891 to somewhat verify the pop3 case. For this, I enhanced the pingpong test server to be able to send back responses with LF-only instead of always using CRLF.
-rw-r--r--lib/imap.c29
-rw-r--r--lib/pop3.c29
-rw-r--r--lib/smtp.c29
-rw-r--r--tests/FILEFORMAT2
-rw-r--r--tests/data/Makefile.inc2
-rw-r--r--tests/data/test89147
-rwxr-xr-xtests/ftpserver.pl16
7 files changed, 112 insertions, 42 deletions
diff --git a/lib/imap.c b/lib/imap.c
index 1b52f73a4..63a998b2b 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -344,23 +344,28 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len,
*/
static void imap_get_message(char *buffer, char **outptr)
{
- size_t len = 0;
+ size_t len = strlen(buffer);
char *message = NULL;
- /* Find the start of the message */
- for(message = buffer + 2; *message == ' ' || *message == '\t'; message++)
- ;
+ if(len > 2) {
+ /* Find the start of the message */
+ for(message = buffer + 2; *message == ' ' || *message == '\t'; message++)
+ ;
- /* Find the end of the message */
- for(len = strlen(message); len--;)
- if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
- message[len] != '\t')
- break;
+ /* Find the end of the message */
+ for(len -= 2; len--;)
+ if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
+ message[len] != '\t')
+ break;
- /* Terminate the message */
- if(++len) {
- message[len] = '\0';
+ /* Terminate the message */
+ if(++len) {
+ message[len] = '\0';
+ }
}
+ else
+ /* junk input => zero length output */
+ message = &buffer[len];
*outptr = message;
}
diff --git a/lib/pop3.c b/lib/pop3.c
index 5792a4a6f..40dde1052 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -243,23 +243,28 @@ static bool pop3_endofresp(struct connectdata *conn, char *line, size_t len,
*/
static void pop3_get_message(char *buffer, char **outptr)
{
- size_t len = 0;
+ size_t len = strlen(buffer);
char *message = NULL;
- /* Find the start of the message */
- for(message = buffer + 2; *message == ' ' || *message == '\t'; message++)
- ;
+ if(len > 2) {
+ /* Find the start of the message */
+ for(message = buffer + 2; *message == ' ' || *message == '\t'; message++)
+ ;
- /* Find the end of the message */
- for(len = strlen(message); len--;)
- if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
- message[len] != '\t')
- break;
+ /* Find the end of the message */
+ for(len -= 2; len--;)
+ if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
+ message[len] != '\t')
+ break;
- /* Terminate the message */
- if(++len) {
- message[len] = '\0';
+ /* Terminate the message */
+ if(++len) {
+ message[len] = '\0';
+ }
}
+ else
+ /* junk input => zero length output */
+ message = &buffer[len];
*outptr = message;
}
diff --git a/lib/smtp.c b/lib/smtp.c
index 44ee2e9f8..b31ecb4b0 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -232,23 +232,28 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len,
*/
static void smtp_get_message(char *buffer, char **outptr)
{
- size_t len = 0;
+ size_t len = strlen(buffer);
char *message = NULL;
- /* Find the start of the message */
- for(message = buffer + 4; *message == ' ' || *message == '\t'; message++)
- ;
+ if(len > 4) {
+ /* Find the start of the message */
+ for(message = buffer + 4; *message == ' ' || *message == '\t'; message++)
+ ;
- /* Find the end of the message */
- for(len = strlen(message); len--;)
- if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
- message[len] != '\t')
- break;
+ /* Find the end of the message */
+ for(len -= 4; len--;)
+ if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
+ message[len] != '\t')
+ break;
- /* Terminate the message */
- if(++len) {
- message[len] = '\0';
+ /* Terminate the message */
+ if(++len) {
+ message[len] = '\0';
+ }
}
+ else
+ /* junk input => zero length output */
+ message = &buffer[len];
*outptr = message;
}
diff --git a/tests/FILEFORMAT b/tests/FILEFORMAT
index fbeee2a7e..5426f333f 100644
--- a/tests/FILEFORMAT
+++ b/tests/FILEFORMAT
@@ -124,6 +124,8 @@ REPLY [command] [return value] [response string]
evaluated as a perl string, so it can contain embedded \r\n, for example.
There's a special [command] named "welcome" (without quotes) which is the
string sent immediately on connect as a welcome.
+REPLYLF (like above but sends the response terminated with LF-only and not
+ CRLF)
COUNT [command] [num]
- Do the REPLY change for [command] only [num] times and then go back to the
built-in approach
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 8383d4c64..c9e2dc2f6 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -95,7 +95,7 @@ test850 test851 test852 test853 test854 test855 test856 test857 test858 \
test859 test860 test861 test862 test863 test864 test865 test866 test867 \
test868 test869 test870 test871 test872 test873 test874 test875 test876 \
test877 test878 test879 test880 test881 test882 test883 test884 test885 \
-test886 test887 test888 test889 test890 \
+test886 test887 test888 test889 test890 test891 \
\
test900 test901 test902 test903 test904 test905 test906 test907 test908 \
test909 test910 test911 test912 test913 test914 test915 test916 test917 \
diff --git a/tests/data/test891 b/tests/data/test891
new file mode 100644
index 000000000..61eae10c0
--- /dev/null
+++ b/tests/data/test891
@@ -0,0 +1,47 @@
+<testcase>
+<info>
+<keywords>
+POP3
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+AUTH CRAM-MD5
+REPLYLF AUTH +
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+pop3
+</server>
+<features>
+crypto
+</features>
+ <name>
+POP3 with short authentication response
+ </name>
+ <command>
+pop3://%HOSTIP:%POP3PORT/891 -u user:secret
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+CAPA
+AUTH CRAM-MD5
+dXNlciA1YzhkYjAzZjA0Y2VjMGY0M2JjYjA2MDAyMzkxNDE5MA==
+</protocol>
+# CURLE_LOGIN_DENIED
+<errorcode>
+67
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/ftpserver.pl b/tests/ftpserver.pl
index ae8b4a017..956275881 100755
--- a/tests/ftpserver.pl
+++ b/tests/ftpserver.pl
@@ -2755,13 +2755,19 @@ sub customize {
$fulltextreply{$1}=eval "qq{$2}";
logmsg "FTPD: set custom reply for $1\n";
}
- elsif($_ =~ /REPLY ([A-Za-z0-9+\/=\*]*) (.*)/) {
- $commandreply{$1}=eval "qq{$2}";
- if($1 eq "") {
+ elsif($_ =~ /REPLY(LF|) ([A-Za-z0-9+\/=\*]*) (.*)/) {
+ $commandreply{$2}=eval "qq{$3}";
+ if($1 ne "LF") {
+ $commandreply{$2}.="\r\n";
+ }
+ else {
+ $commandreply{$2}.="\n";
+ }
+ if($2 eq "") {
logmsg "FTPD: set custom reply for empty command\n";
}
else {
- logmsg "FTPD: set custom reply for $1 command\n";
+ logmsg "FTPD: set custom reply for $2 command\n";
}
}
elsif($_ =~ /COUNT ([A-Z]+) (.*)/) {
@@ -3175,7 +3181,7 @@ while(1) {
$commandreply{$FTPCMD}="";
}
- sendcontrol "$text\r\n";
+ sendcontrol $text;
$check = 0;
}
else {