base64 functions with SASL in INN
Russ Allbery
rra at stanford.edu
Fri Jun 19 19:37:03 UTC 2009
Julien ÉLIE <julien at trigofacile.com> writes:
> Hi Russ,
>
>>> - inbase64, outlen*2, (unsigned *) &inbase64len);
>>> + inbase64, outlen*2 + 1, (unsigned *) &inbase64len);
>>>
>>> But I believe it should be "outlen*2 + 10" (and thus, there was
>>> already a bug).
>>
>> It should at most be +8, since we want to have the space to append the
>> CRLF into the same buffer.
>
> OK, that's fine with "+10" then, as that number is used elsewhere
> in imap_connection.
I guess my point is that, in this code, if we tell SASL that it has a
buffer of outlen*2 + 10 and it actually writes to all of that, we won't
be able to append the CRLF, so we'll generate an invalid reply. If we
tell it we have a buffer of size outlen*2 + 8, we'll be assured that we
have enough space for the CRLF to be appended.
>> This change looks wrong -- it looks like we're telling sasl_encode64
>> that we have a larger buffer than we actually do. That could lead it to
>> writing beyond the end of the buffer. I think that argument should be
>> whatever the buffer size really is.
>
> We have:
>
> char base64[BASE64_BUF_SIZE+1];
>
> Isn't it enough for the size?
Oh! I missed that. Then yes, this is fine.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list