base64 functions with SASL in INN

Russ Allbery rra at
Fri Jun 19 19:37:03 UTC 2009

Julien ÉLIE <julien at> writes:
> Hi Russ,
>>> -          inbase64, outlen*2, (unsigned *) &inbase64len);
>>> +          inbase64, outlen*2 + 1, (unsigned *) &inbase64len);
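Review bot: the size argument on the "+" line, "outlen*2 + 1", is derived from the input length rather than from the declaration of inbase64, so nothing in this call shows that the destination really holds that many bytes. Pass the buffer's real size (sizeof(inbase64) if it is an array) minus whatever the caller still has to append after the encoded data. Separately, the "(unsigned *) &inbase64len" cast suggests inbase64len is not declared unsigned; if it is a wider type, only part of it gets written, so declaring it unsigned and dropping the cast would be safer.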
>>> But I believe it should be "outlen*2 + 10" (and thus, there was
>>> already a bug).
>> It should at most be +8, since we want to have the space to append the
>> CRLF into the same buffer.
> OK, that's fine with "+10" then, as that number is used elsewhere
> in imap_connection.

I guess my point is that, in this code, if we tell SASL that it has a
buffer of outlen*2 + 10 and it actually writes to all of that, we won't
be able to append the CRLF, so we'll generate an invalid reply.  If we
tell it we have a buffer of size outlen*2 + 8, we'll be assured that we
have enough space for the CRLF to be appended.

>> This change looks wrong -- it looks like we're telling sasl_encode64
>> that we have a larger buffer than we actually do.  That could lead it to
>> writing beyond the end of the buffer.  I think that argument should be
>> whatever the buffer size really is.
> We have:
>    char base64[BASE64_BUF_SIZE+1];
> Isn't it enough for the size?

Oh!  I missed that.  Then yes, this is fine.

Russ Allbery (rra at             <>

    Please send questions to the list rather than mailing me directly.
     <> explains why.
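The sizing argument from the message above, as an added example that is not part of the original post or of INN's code: the encoder is told about two bytes fewer than the buffer really has, so the CRLF always fits. The names b64_encode and encode_line are hypothetical, and b64_encode is a stand-in written for this example, not the Cyrus SASL function.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for a size-checked base64 encoder (hypothetical, modelled on the
 * argument order of sasl_encode64): writes at most outmax bytes including the
 * terminating NUL; returns 0 on success, -1 if the output would not fit. */
static int b64_encode(const unsigned char *in, size_t inlen,
                      char *out, size_t outmax, size_t *outlen)
{
    static const char tab[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t need = (inlen + 2) / 3 * 4;   /* encoded length without NUL */
    size_t i, o = 0;

    if (outmax < need + 1)
        return -1;
    for (i = 0; i < inlen; i += 3) {
        unsigned long v = (unsigned long) in[i] << 16;
        if (i + 1 < inlen) v |= (unsigned long) in[i + 1] << 8;
        if (i + 2 < inlen) v |= in[i + 2];
        out[o++] = tab[(v >> 18) & 63];
        out[o++] = tab[(v >> 12) & 63];
        out[o++] = (i + 1 < inlen) ? tab[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < inlen) ? tab[v & 63] : '=';
    }
    out[o] = '\0';
    *outlen = o;
    return 0;
}

/* Build "<base64>\r\n" in buf (bufsize bytes).  The encoder is told about
 * bufsize - 2 bytes only, so the CRLF always fits after whatever it writes.
 * Returns the line length, or -1 if the reply would not fit. */
static long encode_line(const unsigned char *in, size_t inlen,
                        char *buf, size_t bufsize)
{
    size_t len;

    /* bufsize < 3 is rejected first so that bufsize - 2 cannot wrap around. */
    if (bufsize < 3 || b64_encode(in, inlen, buf, bufsize - 2, &len) != 0)
        return -1;
    memcpy(buf + len, "\r\n", 3);        /* CRLF plus NUL: len + 3 <= bufsize */
    return (long) (len + 2);
}
```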

More information about the inn-workers mailing list