base64 functions with SASL in INN

Russ Allbery rra at stanford.edu
Fri Jun 19 19:37:03 UTC 2009


Julien ÉLIE <julien at trigofacile.com> writes:
> Hi Russ,
>
>>> -          inbase64, outlen*2, (unsigned *) &inbase64len);
>>> +          inbase64, outlen*2 + 1, (unsigned *) &inbase64len);
>>>
>>> But I believe it should be "outlen*2 + 10" (and thus, there was
>>> already a bug).
>>
>> It should at most be +8, since we want to have the space to append the
>> CRLF into the same buffer.
>
> OK, that's fine with "+10" then, as that number is used elsewhere
> in imap_connection.

I guess my point is that, in this code, if we tell SASL that it has a
buffer of outlen*2 + 10 and it actually writes to all of that, we won't
be able to append the CRLF, so we'll generate an invalid reply.  If we
tell it we have a buffer of size outlen*2 + 8, we'll be assured that we
have enough space for the CRLF to be appended.

>> This change looks wrong -- it looks like we're telling sasl_encode64
>> that we have a larger buffer than we actually do.  That could lead it to
>> writing beyond the end of the buffer.  I think that argument should be
>> whatever the buffer size really is.
>
> We have:
>
>    char base64[BASE64_BUF_SIZE+1];
>
> Isn't it enough for the size?

Oh!  I missed that.  Then yes, this is fine.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.



More information about the inn-workers mailing list