diff options
author | Daniel Stenberg <daniel@haxx.se> | 2017-12-01 00:45:46 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2017-12-05 08:15:23 +0100 |
commit | 7eb6e080fcbd891d34b2b3353dc2e3f07c8bc35d (patch) | |
tree | ed060508a315f6ca306a6d1ab492b6687f8f3f40 | |
parent | 4401409468f590520dd5d0f0a55607eefa5ff4c1 (diff) | |
download | curl-bagder/pop3_get_message.tar.gz |
sasl_getmesssage: make sure we have a long enough string to passbagder/pop3_get_message
For pop3/imap/smtp, added test 891 to somewhat verify the pop3
case.
For this, I enhanced the pingpong test server to be able to send back
responses with LF-only instead of always using CRLF.
-rw-r--r-- | lib/imap.c | 29 | ||||
-rw-r--r-- | lib/pop3.c | 29 | ||||
-rw-r--r-- | lib/smtp.c | 29 | ||||
-rw-r--r-- | tests/FILEFORMAT | 2 | ||||
-rw-r--r-- | tests/data/Makefile.inc | 2 | ||||
-rw-r--r-- | tests/data/test891 | 47 | ||||
-rwxr-xr-x | tests/ftpserver.pl | 16 |
7 files changed, 112 insertions, 42 deletions
diff --git a/lib/imap.c b/lib/imap.c index 1b52f73a4..63a998b2b 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -344,23 +344,28 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len, */ static void imap_get_message(char *buffer, char **outptr) { - size_t len = 0; + size_t len = strlen(buffer); char *message = NULL; - /* Find the start of the message */ - for(message = buffer + 2; *message == ' ' || *message == '\t'; message++) - ; + if(len > 2) { + /* Find the start of the message */ + for(message = buffer + 2; *message == ' ' || *message == '\t'; message++) + ; - /* Find the end of the message */ - for(len = strlen(message); len--;) - if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && - message[len] != '\t') - break; + /* Find the end of the message */ + for(len -= 2; len--;) + if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && + message[len] != '\t') + break; - /* Terminate the message */ - if(++len) { - message[len] = '\0'; + /* Terminate the message */ + if(++len) { + message[len] = '\0'; + } } + else + /* junk input => zero length output */ + message = &buffer[len]; *outptr = message; } diff --git a/lib/pop3.c b/lib/pop3.c index 5792a4a6f..40dde1052 100644 --- a/lib/pop3.c +++ b/lib/pop3.c @@ -243,23 +243,28 @@ static bool pop3_endofresp(struct connectdata *conn, char *line, size_t len, */ static void pop3_get_message(char *buffer, char **outptr) { - size_t len = 0; + size_t len = strlen(buffer); char *message = NULL; - /* Find the start of the message */ - for(message = buffer + 2; *message == ' ' || *message == '\t'; message++) - ; + if(len > 2) { + /* Find the start of the message */ + for(message = buffer + 2; *message == ' ' || *message == '\t'; message++) + ; - /* Find the end of the message */ - for(len = strlen(message); len--;) - if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && - message[len] != '\t') - break; + /* Find the end of the message */ + for(len -= 2; len--;) + if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && + message[len] != '\t') + break; - /* Terminate the message */ - if(++len) { - message[len] = '\0'; + /* Terminate the message */ + if(++len) { + message[len] = '\0'; + } } + else + /* junk input => zero length output */ + message = &buffer[len]; *outptr = message; } diff --git a/lib/smtp.c b/lib/smtp.c index 44ee2e9f8..b31ecb4b0 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -232,23 +232,28 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len, */ static void smtp_get_message(char *buffer, char **outptr) { - size_t len = 0; + size_t len = strlen(buffer); char *message = NULL; - /* Find the start of the message */ - for(message = buffer + 4; *message == ' ' || *message == '\t'; message++) - ; + if(len > 4) { + /* Find the start of the message */ + for(message = buffer + 4; *message == ' ' || *message == '\t'; message++) + ; - /* Find the end of the message */ - for(len = strlen(message); len--;) - if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && - message[len] != '\t') - break; + /* Find the end of the message */ + for(len -= 4; len--;) + if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && + message[len] != '\t') + break; - /* Terminate the message */ - if(++len) { - message[len] = '\0'; + /* Terminate the message */ + if(++len) { + message[len] = '\0'; + } } + else + /* junk input => zero length output */ + message = &buffer[len]; *outptr = message; } diff --git a/tests/FILEFORMAT b/tests/FILEFORMAT index fbeee2a7e..5426f333f 100644 --- a/tests/FILEFORMAT +++ b/tests/FILEFORMAT @@ -124,6 +124,8 @@ REPLY [command] [return value] [response string] evaluated as a perl string, so it can contain embedded \r\n, for example. There's a special [command] named "welcome" (without quotes) which is the string sent immediately on connect as a welcome. +REPLYLF (like above but sends the response terminated with LF-only and not + CRLF) COUNT [command] [num] - Do the REPLY change for [command] only [num] times and then go back to the built-in approach diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 8383d4c64..c9e2dc2f6 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -95,7 +95,7 @@ test850 test851 test852 test853 test854 test855 test856 test857 test858 \ test859 test860 test861 test862 test863 test864 test865 test866 test867 \ test868 test869 test870 test871 test872 test873 test874 test875 test876 \ test877 test878 test879 test880 test881 test882 test883 test884 test885 \ -test886 test887 test888 test889 test890 \ +test886 test887 test888 test889 test890 test891 \ \ test900 test901 test902 test903 test904 test905 test906 test907 test908 \ test909 test910 test911 test912 test913 test914 test915 test916 test917 \ diff --git a/tests/data/test891 b/tests/data/test891 new file mode 100644 index 000000000..61eae10c0 --- /dev/null +++ b/tests/data/test891 @@ -0,0 +1,47 @@ +<testcase> +<info> +<keywords> +POP3 +</keywords> +</info> + +# +# Server-side +<reply> +<servercmd> +AUTH CRAM-MD5 +REPLYLF AUTH + +</servercmd> +</reply> + +# +# Client-side +<client> +<server> +pop3 +</server> +<features> +crypto +</features> + <name> +POP3 with short authentication response + </name> + <command> +pop3://%HOSTIP:%POP3PORT/891 -u user:secret +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<protocol> +CAPA
+AUTH CRAM-MD5
+dXNlciA1YzhkYjAzZjA0Y2VjMGY0M2JjYjA2MDAyMzkxNDE5MA==
+</protocol> +# CURLE_LOGIN_DENIED +<errorcode> +67 +</errorcode> +</verify> +</testcase> diff --git a/tests/ftpserver.pl b/tests/ftpserver.pl index ae8b4a017..956275881 100755 --- a/tests/ftpserver.pl +++ b/tests/ftpserver.pl @@ -2755,13 +2755,19 @@ sub customize { $fulltextreply{$1}=eval "qq{$2}"; logmsg "FTPD: set custom reply for $1\n"; } - elsif($_ =~ /REPLY ([A-Za-z0-9+\/=\*]*) (.*)/) { - $commandreply{$1}=eval "qq{$2}"; - if($1 eq "") { + elsif($_ =~ /REPLY(LF|) ([A-Za-z0-9+\/=\*]*) (.*)/) { + $commandreply{$2}=eval "qq{$3}"; + if($1 ne "LF") { + $commandreply{$2}.="\r\n"; + } + else { + $commandreply{$2}.="\n"; + } + if($2 eq "") { logmsg "FTPD: set custom reply for empty command\n"; } else { - logmsg "FTPD: set custom reply for $1 command\n"; + logmsg "FTPD: set custom reply for $2 command\n"; } } elsif($_ =~ /COUNT ([A-Z]+) (.*)/) { @@ -3175,7 +3181,7 @@ while(1) { $commandreply{$FTPCMD}=""; } - sendcontrol "$text\r\n"; + sendcontrol $text; $check = 0; } else { |