[exim-dev] [Bug 2687] New: AUTH PLAIN should provide better …

Góra strony
Delete this message
Reply to this message
Autor: admin
Data:  
Dla: exim-dev
Nowe tematy: [exim-dev] [Bug 2687] AUTH PLAIN should provide better support for quoting circumflexes, [exim-dev] [Bug 2687] AUTH PLAIN should provide better support for quoting circumflexes, [exim-dev] [Bug 2687] AUTH PLAIN should provide better support for quoting circumflexes, [exim-dev] [Bug 2687] AUTH PLAIN should provide better support for quoting circumflexes, [exim-dev] [Bug 2687] AUTH PLAIN should provide better support for quoting circumflexes, [exim-dev] [Bug 2687] AUTH PLAIN should provide better support for quoting circumflexes
Temat: [exim-dev] [Bug 2687] New: AUTH PLAIN should provide better support for quoting circumflexes
https://bugs.exim.org/show_bug.cgi?id=2687

            Bug ID: 2687
           Summary: AUTH PLAIN should provide better support for quoting
                    circumflexes
           Product: Exim
           Version: 4.94
          Hardware: x86
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: SMTP Authentication
          Assignee: jgh146exb@???
          Reporter: earl_chew@???
                CC: exim-dev@???


Created attachment 1356
--> https://bugs.exim.org/attachment.cgi?id=1356&action=edit
Test program illustrating defect, and a proposed solution

According to
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_plaintext_authenticator.html
-

> If there are any single circumflex characters in the string, they are
> converted to NULs. Should an actual circumflex be required as data, it must
> be doubled in the string.


The present implementation (auths/get_data.c) uses the following:

/* The character ^ is used as an escape for a binary zero character, which is
needed for the PLAIN mechanism. It must be doubled if really needed. */

for (int i = 0; i < len; i++)
  if (ss[i] == '^')
    if (ss[i+1] != '^')
      ss[i] = 0;
    else
      if (--len > ++i) memmove(ss + i, ss + i + 1, len - i);


This has a odd behaviours in the following scenarios:

1. Quoting consecutive circumflexes (ie ^^^^)
2. Ending a word with a circumflex (ie word^^^) before a nul
3. Starting a word with a circumflex (ie ^^^word) after a nul

The attached test program illustrates the present behaviour ("current") and
compares it with proposed behaviour ("proposed"). (Note that the test output
uses @ in place of nul to the sake of legibility.)

Options:

1. Just fix the behaviour. This might break some existing configurations, and
does not address the gap that it is presently not possible to start a word with
a circumflex.

2. Add a way to indicate a new encoding that both fixes the behaviour, and
allows a word to start with a circumflex.

3. Try to incorporate a fix, and to allow a word to start with a circumflex,
using the present encoding.

The remainder of this report makes a proposal for (3), leaving options for (1)
and (2) for consideration by others.

The proposed syntax is somewhat odd so that the chance of breaking existing
configurations is reduced, while keeping the idea that pairs of circumflexes
are replaced by a single circumflex. It makes use of the fact that presently
three consecutive circumflexes is not useful because it results in two
circumflexes (IOW ^^^ results in ^^).

1. Two consecutive circumflexes followed by ^@ are replaced by a single nul.
(^^^@ -> \0)
2. Two consecutive circumflexes followed by ^^ are replaced by a pair of
circumflexes. (^^^^ -> ^^)
3. Three consecutive circumflexes followed by x, where is neither @ nor ^, are
replaced by a single circumflex, a single nul, and x. (^^^x -> ^\0x)
4. Two consecutive circumflexes are replaced by a single circumflex. (^^ -> ^)
5. A single circumflex is replaced by a single nul. (^ -> \0)

Rule 1 can be used to start a word with a circumflex (eg ^^^@^^one^^^@^^two ->
\0^one\0^two).

Rule 3 can be used to end a word with a circumflex (eg ^one^^^two ->
\0one^\0two).

Rule 2 and Rule 4 cause pairs of circumflexes to be replaced by single
circumflexes.


----

^one^two
Current @one@two
Proposed @one@two

^one^^two
Current @one^two
Proposed @one^two

^one^^^two
Current @one^^two
Proposed @one^@two

^one^^^^two
Current @one^^@two
Proposed @one^^two

^one^^^^^two
Current @one^^^two
Proposed @one^^@two

^one^two^^
Current @one@two^
Proposed @one@two^

^one^two^^^^
Current @one@two^^
Proposed @one@two^^

^^^@^^one^^^@^^two
Current ^^@^one^^@^two
Proposed @^one@^two

^one^^^two
Current @one^^two
Proposed @one^@two

--
You are receiving this mail because:
You are on the CC list for the bug.