https://bugs.exim.org/show_bug.cgi?id=2687
Bug ID: 2687
Summary: AUTH PLAIN should provide better support for quoting circumflexes
Product: Exim
Version: 4.94
Hardware: x86
OS: All
Status: NEW
Severity: bug
Priority: medium
Component: SMTP Authentication
Assignee: jgh146exb@???
Reporter: earl_chew@???
CC: exim-dev@???
Created attachment 1356
  --> https://bugs.exim.org/attachment.cgi?id=1356&action=edit
Test program illustrating defect, and a proposed solution

According to
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_plaintext_authenticator.html:
> If there are any single circumflex characters in the string, they are
> converted to NULs. Should an actual circumflex be required as data, it must
> be doubled in the string.
The present implementation (auths/get_data.c) uses the following:

    /* The character ^ is used as an escape for a binary zero character, which is
    needed for the PLAIN mechanism. It must be doubled if really needed. */

    for (int i = 0; i < len; i++)
      if (ss[i] == '^')
        if (ss[i+1] != '^')
          ss[i] = 0;
        else
          if (--len > ++i) memmove(ss + i, ss + i + 1, len - i);

This has odd behaviours in the following scenarios:
1. Quoting consecutive circumflexes (ie ^^^^)
2. Ending a word with a circumflex (ie word^^^) before a nul
3. Starting a word with a circumflex (ie ^^^word) after a nul
The attached test program illustrates the present behaviour ("current") and
compares it with proposed behaviour ("proposed"). (Note that the test output
uses @ in place of nul for the sake of legibility.)
Options:
1. Just fix the behaviour. This might break some existing configurations, and
does not address the gap that it is presently not possible to start a word with
a circumflex.
2. Add a way to indicate a new encoding that both fixes the behaviour, and
allows a word to start with a circumflex.
3. Try to incorporate a fix, and to allow a word to start with a circumflex,
using the present encoding.
The remainder of this report makes a proposal for (3), leaving options for (1)
and (2) for consideration by others.
The proposed syntax is somewhat odd so that the chance of breaking existing
configurations is reduced, while keeping the idea that pairs of circumflexes
are replaced by a single circumflex. It makes use of the fact that presently
three consecutive circumflexes is not useful because it results in two
circumflexes (IOW ^^^ results in ^^).
1. Two consecutive circumflexes followed by ^@ are replaced by a single nul.
(^^^@ -> \0)
2. Two consecutive circumflexes followed by ^^ are replaced by a pair of
circumflexes. (^^^^ -> ^^)
3. Three consecutive circumflexes followed by x, where x is neither @ nor ^, are
replaced by a single circumflex, a single nul, and x. (^^^x -> ^\0x)
4. Two consecutive circumflexes are replaced by a single circumflex. (^^ -> ^)
5. A single circumflex is replaced by a single nul. (^ -> \0)
Rule 1 can be used to start a word with a circumflex (eg ^^^@^^one^^^@^^two ->
\0^one\0^two).
Rule 3 can be used to end a word with a circumflex (eg ^one^^^two ->
\0one^\0two).
Rule 2 and Rule 4 cause pairs of circumflexes to be replaced by single
circumflexes.
----

^one^two
    Current   @one@two
    Proposed  @one@two

^one^^two
    Current   @one^two
    Proposed  @one^two

^one^^^two
    Current   @one^^two
    Proposed  @one^@two

^one^^^^two
    Current   @one^^@two
    Proposed  @one^^two

^one^^^^^two
    Current   @one^^^two
    Proposed  @one^^@two

^one^two^^
    Current   @one@two^
    Proposed  @one@two^

^one^two^^^^
    Current   @one@two^^
    Proposed  @one@two^^

^^^@^^one^^^@^^two
    Current   ^^@^one^^@^two
    Proposed  @^one@^two

^one^^^two
    Current   @one^^two
    Proposed  @one^@two
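
The two behaviours side by side, as an added example that is neither the attached test program nor Exim code: current_text() runs the loop quoted above on a copy of the input, and proposed_text() is one reading of rules 1-5 (scan left to right, first matching rule wins). The function names and the show() helper are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

static char *show(char *buf, int len)  /* NULs shown as '@', as in the report */
{
  for (int i = 0; i < len; i++) if (!buf[i]) buf[i] = '@';
  buf[len] = 0;
  return buf;
}

/* Present behaviour: the loop quoted in the report, run on a copy of in. */
char *current_text(const char *in, char *ss)
{
  int len = (int)strlen(in);
  memcpy(ss, in, len + 1);
  for (int i = 0; i < len; i++)
    if (ss[i] == '^')
      {
      if (ss[i+1] != '^') ss[i] = 0;
      else if (--len > ++i) memmove(ss + i, ss + i + 1, len - i);
      }
  return show(ss, len);
}

/* Assumed reading of rules 1-5: scan left to right, first matching rule wins.
   Both functions need an output buffer of strlen(in) + 1 bytes. */
char *proposed_text(const char *in, char *out)
{
  int n = 0;
  while (*in)
    if (in[0] != '^') out[n++] = *in++;
    else if (!strncmp(in, "^^^@", 4)) { out[n++] = 0; in += 4; }        /* rule 1 */
    else if (!strncmp(in, "^^^^", 4))
      { out[n++] = '^'; out[n++] = '^'; in += 4; }                      /* rule 2 */
    else if (!strncmp(in, "^^^", 3) && in[3])
      { out[n++] = '^'; out[n++] = 0; out[n++] = in[3]; in += 4; }      /* rule 3 */
    else if (in[1] == '^') { out[n++] = '^'; in += 2; }                 /* rule 4 */
    else { out[n++] = 0; in++; }                                        /* rule 5 */
  return show(out, n);
}

int main(void)
{
  const char *cases[] = { "^one^^^two", "^one^^^^two", "^^^@^^one^^^@^^two" };
  char a[64], b[64];
  for (size_t i = 0; i < sizeof cases / sizeof *cases; i++)
    printf("%s\n  Current  %s\n  Proposed %s\n", cases[i],
           current_text(cases[i], a), proposed_text(cases[i], b));
}
```

In this reading rule 3 produces the same bytes as rule 4 followed by rule 5, so it is spelled out only to mirror the list above.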