From 615edc1f73090f5f876f1491f9658f6429fdf481 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 1 Dec 2017 00:45:46 +0100 Subject: sasl_getmesssage: make sure we have a long enough string to pass For pop3/imap/smtp, added test 891 to somewhat verify the pop3 case. For this, I enhanced the pingpong test server to be able to send back responses with LF-only instead of always using CRLF. Closes #2150 --- lib/imap.c | 29 +++++++++++++++++------------ lib/pop3.c | 29 +++++++++++++++++------------ lib/smtp.c | 29 +++++++++++++++++------------ tests/FILEFORMAT | 2 ++ tests/data/Makefile.inc | 2 +- tests/data/test891 | 47 +++++++++++++++++++++++++++++++++++++++++++++++ tests/ftpserver.pl | 16 +++++++++++----- 7 files changed, 112 insertions(+), 42 deletions(-) create mode 100644 tests/data/test891 diff --git a/lib/imap.c b/lib/imap.c index 1b52f73a4..63a998b2b 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -344,23 +344,28 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len, */ static void imap_get_message(char *buffer, char **outptr) { - size_t len = 0; + size_t len = strlen(buffer); char *message = NULL; - /* Find the start of the message */ - for(message = buffer + 2; *message == ' ' || *message == '\t'; message++) - ; + if(len > 2) { + /* Find the start of the message */ + for(message = buffer + 2; *message == ' ' || *message == '\t'; message++) + ; - /* Find the end of the message */ - for(len = strlen(message); len--;) - if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && - message[len] != '\t') - break; + /* Find the end of the message */ + for(len -= 2; len--;) + if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && + message[len] != '\t') + break; - /* Terminate the message */ - if(++len) { - message[len] = '\0'; + /* Terminate the message */ + if(++len) { + message[len] = '\0'; + } } + else + /* junk input => zero length output */ + message = &buffer[len]; *outptr = message; } diff --git a/lib/pop3.c b/lib/pop3.c index 5792a4a6f..40dde1052 100644 --- a/lib/pop3.c +++ b/lib/pop3.c @@ -243,23 +243,28 @@ static bool pop3_endofresp(struct connectdata *conn, char *line, size_t len, */ static void pop3_get_message(char *buffer, char **outptr) { - size_t len = 0; + size_t len = strlen(buffer); char *message = NULL; - /* Find the start of the message */ - for(message = buffer + 2; *message == ' ' || *message == '\t'; message++) - ; + if(len > 2) { + /* Find the start of the message */ + for(message = buffer + 2; *message == ' ' || *message == '\t'; message++) + ; - /* Find the end of the message */ - for(len = strlen(message); len--;) - if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && - message[len] != '\t') - break; + /* Find the end of the message */ + for(len -= 2; len--;) + if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && + message[len] != '\t') + break; - /* Terminate the message */ - if(++len) { - message[len] = '\0'; + /* Terminate the message */ + if(++len) { + message[len] = '\0'; + } } + else + /* junk input => zero length output */ + message = &buffer[len]; *outptr = message; } diff --git a/lib/smtp.c b/lib/smtp.c index 44ee2e9f8..b31ecb4b0 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -232,23 +232,28 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len, */ static void smtp_get_message(char *buffer, char **outptr) { - size_t len = 0; + size_t len = strlen(buffer); char *message = NULL; - /* Find the start of the message */ - for(message = buffer + 4; *message == ' ' || *message == '\t'; message++) - ; + if(len > 4) { + /* Find the start of the message */ + for(message = buffer + 4; *message == ' ' || *message == '\t'; message++) + ; - /* Find the end of the message */ - for(len = strlen(message); len--;) - if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && - message[len] != '\t') - break; + /* Find the end of the message */ + for(len -= 4; len--;) + if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && + message[len] != '\t') + break; - /* Terminate the message */ - if(++len) { - message[len] = '\0'; + /* Terminate the message */ + if(++len) { + message[len] = '\0'; + } } + else + /* junk input => zero length output */ + message = &buffer[len]; *outptr = message; } diff --git a/tests/FILEFORMAT b/tests/FILEFORMAT index fbeee2a7e..5426f333f 100644 --- a/tests/FILEFORMAT +++ b/tests/FILEFORMAT @@ -124,6 +124,8 @@ REPLY [command] [return value] [response string] evaluated as a perl string, so it can contain embedded \r\n, for example. There's a special [command] named "welcome" (without quotes) which is the string sent immediately on connect as a welcome. +REPLYLF (like above but sends the response terminated with LF-only and not + CRLF) COUNT [command] [num] - Do the REPLY change for [command] only [num] times and then go back to the built-in approach diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 8383d4c64..c9e2dc2f6 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -95,7 +95,7 @@ test850 test851 test852 test853 test854 test855 test856 test857 test858 \ test859 test860 test861 test862 test863 test864 test865 test866 test867 \ test868 test869 test870 test871 test872 test873 test874 test875 test876 \ test877 test878 test879 test880 test881 test882 test883 test884 test885 \ -test886 test887 test888 test889 test890 \ +test886 test887 test888 test889 test890 test891 \ \ test900 test901 test902 test903 test904 test905 test906 test907 test908 \ test909 test910 test911 test912 test913 test914 test915 test916 test917 \ diff --git a/tests/data/test891 b/tests/data/test891 new file mode 100644 index 000000000..61eae10c0 --- /dev/null +++ b/tests/data/test891 @@ -0,0 +1,47 @@ + + + +POP3 + + + +# +# Server-side + + +AUTH CRAM-MD5 +REPLYLF AUTH + + + + +# +# Client-side + + +pop3 + + +crypto + + +POP3 with short authentication response + + +pop3://%HOSTIP:%POP3PORT/891 -u user:secret + + + +# +# Verify data after the test has been "shot" + + +CAPA +AUTH CRAM-MD5 +dXNlciA1YzhkYjAzZjA0Y2VjMGY0M2JjYjA2MDAyMzkxNDE5MA== + +# CURLE_LOGIN_DENIED + +67 + + + diff --git a/tests/ftpserver.pl b/tests/ftpserver.pl index ae8b4a017..956275881 100755 --- a/tests/ftpserver.pl +++ b/tests/ftpserver.pl @@ -2755,13 +2755,19 @@ sub customize { $fulltextreply{$1}=eval "qq{$2}"; logmsg "FTPD: set custom reply for $1\n"; } - elsif($_ =~ /REPLY ([A-Za-z0-9+\/=\*]*) (.*)/) { - $commandreply{$1}=eval "qq{$2}"; - if($1 eq "") { + elsif($_ =~ /REPLY(LF|) ([A-Za-z0-9+\/=\*]*) (.*)/) { + $commandreply{$2}=eval "qq{$3}"; + if($1 ne "LF") { + $commandreply{$2}.="\r\n"; + } + else { + $commandreply{$2}.="\n"; + } + if($2 eq "") { logmsg "FTPD: set custom reply for empty command\n"; } else { - logmsg "FTPD: set custom reply for $1 command\n"; + logmsg "FTPD: set custom reply for $2 command\n"; } } elsif($_ =~ /COUNT ([A-Z]+) (.*)/) { @@ -3175,7 +3181,7 @@ while(1) { $commandreply{$FTPCMD}=""; } - sendcontrol "$text\r\n"; + sendcontrol $text; $check = 0; } else { -- cgit v1.2.1