Re: [Exim] exim AUTH driver - \000 in string bug?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Philip Hazel
Date:  
À: Jeff AA
CC: exim-users
Sujet: Re: [Exim] exim AUTH driver - \000 in string bug?
On Mon, 12 Aug 2002, Jeff AA wrote:

> This AUTH configuration fails with the \000 delimiters but parses ok if
> I remove them:
>
> login:
> driver = plaintext
> public_name = LOGIN
> server_prompts = "Username:: : Password::"
> server_condition = "${if
> eq{$2}{${lookup{${1}\000hostname\000userPassword}dbmnz{/etc/sasldb2}{$va
> lue}}}{1}{0}}"
> server_set_id = $1
>
> This appears to be a bug in the way that exim parses the config and
> handles strings containing \000?
>
> I already agree that using \000 is awful - and have mailed the SASL
> folks accordingly.
>
> But, as embedded nulls are part of the standard interaction for
> PLAINTEXT auth, methinks there is room for an exim fixum too?


It is true that Exim cannot handle strings containing nulls. It operates
with null-terminated C strings.

The embedded nulls for plaintext are recognized in the *incoming*
authenticator data, and are used to delimit the separate strings - just
like C strings!

I cannot see any easy way round this.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.