INN commit: trunk/nnrpd (commands.c nnrpd.c)

Sun Sep 7 14:05:22 UTC 2008

Date: Sunday, September 7, 2008 @ 07:05:22
  Author: iulius
Revision: 8018

* Fix the behaviour of
    AUTHINFO PASS my password with spaces
  which was parsed as
    AUTHINFO PASS my
  We now return 501.

* The arguments of the program for AUTHINFO GENERIC are optional.

Modified:
  trunk/nnrpd/commands.c
  trunk/nnrpd/nnrpd.c

------------+
 commands.c |   19 ++++++++++++++-----
 nnrpd.c    |    3 +--
 2 files changed, 15 insertions(+), 7 deletions(-)

Modified: commands.c
===================================================================

--- commands.c	2008-09-07 13:44:20 UTC (rev 8017)
+++ commands.c	2008-09-07 14:05:22 UTC (rev 8018)
@@ -168,10 +168,9 @@
 
 /*
 **  The AUTHINFO command.
-**  Arguments are used (ac is used for SASL).
 */
 void
-CMDauthinfo(int ac UNUSED, char *av[])
+CMDauthinfo(int ac, char *av[])
 {
     static char	User[SMBUF];
     static char	Password[SMBUF];
@@ -183,6 +182,7 @@
 
 	strlcpy(PERMuser, "<none>", sizeof(PERMuser));
 
+        /* Arguments are checked by PERMgeneric(). */
 	switch (PERMgeneric(av, accesslist, sizeof(accesslist))) {
 	    case 1:
 		PERMspecified = NGgetlist(&PERMreadlist, accesslist);
@@ -208,14 +208,19 @@
 
 #ifdef HAVE_SASL
     } else if (strcasecmp(av[1], "SASL") == 0) {
+        /* Arguments are checked by SASLauth(). */
 	SASLauth(ac, av);
 #endif /* HAVE_SASL */
 
     } else {
         /* Each time AUTHINFO USER is used, the new username is cached. */
         if (strcasecmp(av[1], "USER") == 0) {
+            if (ac > 3) {
+                Reply("%d No whitespace allowed in username\r\n", NNTP_ERR_SYNTAX);
+                return;
+            }
             strlcpy(User, av[2], sizeof(User));
-            Reply("%d Enter passphrase\r\n", NNTP_CONT_AUTHINFO);
+            Reply("%d Enter password\r\n", NNTP_CONT_AUTHINFO);
             return;
         }
 
@@ -232,6 +237,11 @@
             return;
         }
 
+        if (ac > 3) {
+            Reply("%d No whitespace allowed in password\r\n", NNTP_ERR_SYNTAX);
+            return;
+        }
+
         /* There is a cached username and a password is provided. */
         strlcpy(Password, av[2], sizeof(Password));
 
@@ -319,8 +329,7 @@
 
 
 /*
-**  Display new newsgroups since a given date and time for specified
-**  <distributions>.
+**  Display new newsgroups since a given date and time.
 */
 void
 CMDnewgroups(int ac, char *av[])

Modified: nnrpd.c
===================================================================
--- nnrpd.c	2008-09-07 13:44:20 UTC (rev 8017)
+++ nnrpd.c	2008-09-07 14:05:22 UTC (rev 8018)
@@ -110,7 +110,7 @@
 #ifdef HAVE_SASL
         "|SASL mech [init-resp]"
 #endif
-        "|GENERIC prog args" },
+        "|GENERIC prog [args ...]" },
     {	"BODY",		CMDfetch,	true,	1,	2,
 	CMDfetchhelp },
     {	"DATE",		CMDdate,	false,	1,	1,
@@ -684,7 +684,6 @@
 }
 
 
-/* ARGSUSED0 */
 int
 main(int argc, char *argv[])
 {

