Gitweb:
https://git.exim.org/exim.git/commitdiff/ca22cc0abe93c28f3d296d99c239413bb0d079c4
Commit: ca22cc0abe93c28f3d296d99c239413bb0d079c4
Parent: 96d16729c2267491424478e623a492acaec6b35e
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Tue Jan 12 15:36:09 2021 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Tue Jan 12 15:36:09 2021 +0000
Auths: in plaintext authenticator, fix parsing of consecutive circuflex. Bug 2687
---
doc/doc-docbook/spec.xfpt | 9 ++++++++-
doc/doc-txt/ChangeLog | 7 +++++++
src/src/auths/get_data.c | 10 ++++++++--
3 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 4c79e87..15b03ea 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -27824,7 +27824,14 @@ fixed_plain:
client_send = ^username^mysecret
.endd
The lack of colons means that the entire text is sent with the AUTH
-command, with the circumflex characters converted to NULs. A similar example
+command, with the circumflex characters converted to NULs.
+.new
+Note that due to the ambiguity of parsing three consectutive circumflex characters
+there is no way to provide a password having a leading circumflex.
+.wen
+
+
+A similar example
that uses the LOGIN mechanism is:
.code
fixed_login:
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index d9e979c..87bf0d0 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -170,6 +170,13 @@ JH/34 Fix the placement of a multiple-message delivery marker in the delivery
JH/35 Bug 2343: Harden exim_tidydb against corrupt wait- files.
+JH/36 Bug 2687: Fix interpretation of multiple ^ chars in a plaintext
+ authenticator client_send option. Previously the next char, after a pair
+ was collapsed, was taken verbatim (so ^^^foo became ^^foo; ^^^^foo became
+ ^^\x00foo). Fixed to get ^\x00foo and ^^foo respectively to match the
+ documentation. There is still no way to get a leading ^ immediately
+ after a NUL (ie. for the password of a PLAIN method authenticator.
+
Exim version 4.94
-----------------
diff --git a/src/src/auths/get_data.c b/src/src/auths/get_data.c
index 602a118..8835965 100644
--- a/src/src/auths/get_data.c
+++ b/src/src/auths/get_data.c
@@ -168,14 +168,20 @@ if (!ss)
len = Ustrlen(ss);
/* The character ^ is used as an escape for a binary zero character, which is
-needed for the PLAIN mechanism. It must be doubled if really needed. */
+needed for the PLAIN mechanism. It must be doubled if really needed.
+
+The parsing ambiguity of ^^^ is taken as ^^ -> ^ ; ^ -> NUL - and there is
+no way to get a leading ^ after a NUL. We would need to intro new syntax to
+support that (probably preferring to take a more-standard exim list as a source
+and concat the elements with intervening NULs. Either a magic marker on the
+source string for client_send, or a new option). */
for (int i = 0; i < len; i++)
if (ss[i] == '^')
if (ss[i+1] != '^')
ss[i] = 0;
else
- if (--len > ++i) memmove(ss + i, ss + i + 1, len - i);
+ if (--len > i+1) memmove(ss + i + 1, ss + i + 2, len - i);
/* The first string is attached to the AUTH command; others are sent
unembellished. */
