ph10 2005/04/27 11:55:20 BST
Modified files:
exim-doc/doc-txt ChangeLog
exim-src/src smtp_in.c
exim-test-orig/AutoTest/log 278
exim-test-orig/AutoTest/scripts 278
exim-test-orig/AutoTest/stdout 278
Added files:
exim-test-orig/AutoTest/rejectlog 278
Log:
Ensure the value of $authenticated_id contains only printing characters.
Revision Changes Path
1.126 +6 -0 exim/exim-doc/doc-txt/ChangeLog
1.16 +8 -0 exim/exim-src/src/smtp_in.c
1.2 +1 -0 exim/exim-test-orig/AutoTest/log/278
1.1 +1 -0 exim/exim-test-orig/AutoTest/rejectlog/278 (new)
1.2 +1 -0 exim/exim-test-orig/AutoTest/scripts/278
1.2 +1 -0 exim/exim-test-orig/AutoTest/stdout/278
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.125
retrieving revision 1.126
diff -u -r1.125 -r1.126
--- ChangeLog 27 Apr 2005 10:06:00 -0000 1.125
+++ ChangeLog 27 Apr 2005 10:55:20 -0000 1.126
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.125 2005/04/27 10:06:00 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.126 2005/04/27 10:55:20 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -238,6 +238,12 @@
blindly assumes that writes won't block so it may never time out."
PH/39 Allow G after quota size as well as K and M.
+
+PH/40 The value set for $authenticated_id in an authenticator may not contain
+ binary zeroes or newlines because the value is written to log lines and
+ to spool files. There was no check on this. Now the value is run through
+ the string_printing() function so that such characters are converted to
+ printable escape sequences.
A note about Exim versions 4.44 and 4.50
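Review bot: The PH/40 entry does not say that the converted string becomes the value of $authenticated_id itself, not only what is written to the log. The smtp_in.c change reassigns set_id to the result of string_printing(), so if set_id is what is later stored as the authenticated id, as the code comment implies, a configuration that compares $authenticated_id will see the escape sequence rather than the original character. Suggest adding one sentence to the entry saying so.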
Index: smtp_in.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/smtp_in.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- smtp_in.c 29 Mar 2005 15:53:12 -0000 1.15
+++ smtp_in.c 27 Apr 2005 10:55:20 -0000 1.16
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/smtp_in.c,v 1.15 2005/03/29 15:53:12 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/smtp_in.c,v 1.16 2005/04/27 10:55:20 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -2112,6 +2112,14 @@
c = (au->info->servercode)(au, smtp_data);
if (au->set_id != NULL) set_id = expand_string(au->set_id);
expand_nmax = -1; /* Reset numeric variables */
+
+ /* The value of authenticated_id is stored in the spool file and printed in
+ log lines. It must not contain binary zeros or newline characters. In
+ normal use, it never will, but when playing around or testing, this error
+ can (did) happen. To guard against this, ensure that the id contains only
+ printing characters. */
+
+ if (set_id != NULL) set_id = string_printing(set_id);
/* For the non-OK cases, set up additional logging data if set_id
is not empty. */
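Review bot: The new comment names binary zeros, but string_printing(set_id) is passed only a pointer with no length, so a zero byte in the expanded id would presumably end the string before the function could see it. If that is the case, suggest rewording the comment to say that newlines and other non-printing characters are escaped and that a zero byte simply truncates the id, so readers do not assume zeros are converted to an escape sequence.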
Index: 278
===================================================================
RCS file: /home/cvs/exim/exim-test-orig/AutoTest/log/278,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 278 8 Oct 2004 14:49:31 -0000 1.1
+++ 278 27 Apr 2005 10:55:20 -0000 1.2
@@ -1,3 +1,4 @@
+1999-03-02 09:44:33 plain1 authenticator failed for ph10: 535 Incorrect authentication data (set_id=ph10\n)
1999-03-02 09:44:33 10HmaX-0005vi-00 <= ph10@??? U=ph10 P=local-esmtpa A=plain1:ph10 S=296
1999-03-02 09:44:33 10HmaX-0005vi-00 => ph10 <ph10@???> R=d1 T=t1
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
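Review bot: In the added log line, set_id=ph10\n does not tell a reader whether the id held a newline or a literal backslash followed by n. Please confirm whether string_printing() also escapes backslash, and consider a second test id containing a literal backslash so the expected log output pins down the behaviour either way.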
Index: 278
====================================================================
1999-03-02 09:44:33 plain1 authenticator failed for ph10: 535 Incorrect authentication data (set_id=ph10\n)
Index: 278
===================================================================
RCS file: /home/cvs/exim/exim-test-orig/AutoTest/scripts/278,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 278 8 Oct 2004 14:49:52 -0000 1.1
+++ 278 27 Apr 2005 10:55:20 -0000 1.2
@@ -1,6 +1,7 @@
0 authentication (preservation of $authenticated_id)
exim -odi -bs -oMa 10.0.0.2
ehlo testing.ex
+auth plain AHBoMTAKAHNlY3JldA==
auth plain AHBoMTAAc2VjcmV0
mail from:<ph10@???>
rcpt to:<ph10@???>
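Review bot: The added auth plain line exercises only the failure path: according to the log and stdout changes it is answered with 535, so the spool-file write that the smtp_in.c comment gives as a reason for the change is never reached with an escaped id. Suggest adding a case in which an id containing a newline authenticates successfully, and stating in the test description that AHBoMTAKAHNlY3JldA== decodes to the id ph10 followed by a newline, since the base64 is opaque to anyone reading the script.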
Index: 278
===================================================================
RCS file: /home/cvs/exim/exim-test-orig/AutoTest/stdout/278,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 278 8 Oct 2004 14:50:13 -0000 1.1
+++ 278 27 Apr 2005 10:55:20 -0000 1.2
@@ -4,6 +4,7 @@
250-PIPELINING
250-AUTH PLAIN
250 HELP
+535 Incorrect authentication data
235 Authentication succeeded
250 OK
250 Accepted