isync

mailbox synchronization program
git clone https://git.code.sf.net/p/isync/isync

commit 842aa402c339d2394e9f8f25a06319dfcd31ad4b
parent e07de2a33656db2a56d9daf1f39048b3e8c14e88
Author: Oswald Buddenhagen <ossi@users.sf.net>
Date:   Sat, 13 Apr 2013 10:47:46 +0200

fix CRAM-MD5 authentication

the decoded challenge may be padded, so we really need to use strlen()
rather than just the decoded length.

Diffstat:
Msrc/socket.c | 6+++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/socket.c b/src/socket.c
@@ -679,7 +679,7 @@ cram( const char *challenge, const char *user, const char *pass, char **_final,
 {
 char *response, *final;
 unsigned hashlen;
- int i, clen, rlen, blen, flen, olen;
+ int i, clen, blen, flen, olen;
 unsigned char hash[16];
 char buf[256], hex[33];
 HMAC_CTX hmac;
@@ -689,8 +689,8 @@ cram( const char *challenge, const char *user, const char *pass, char **_final,
 clen = strlen( challenge );
 /* response will always be smaller than challenge because we are decoding. */
 response = nfcalloc( 1 + clen );
- rlen = EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen );
- HMAC_Update( &hmac, (unsigned char *)response, rlen );
+ EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen );
+ HMAC_Update( &hmac, (unsigned char *)response, strlen( response ) );
 free( response );
 hashlen = sizeof(hash);
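Review bot: The return value of EVP_DecodeBlock() is now discarded in the second hunk, so a server challenge that is not valid base64 (the call returns -1) is treated like a good one, and HMAC_Update() runs over whatever strlen( response ) finds in the buffer. I would keep the check, e.g. `if (EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen ) < 0)`, then free response and fail the login instead of sending a digest. How cram() reports failure is not visible, because its full signature and the rest of its body lie outside the hunk. The strlen() call also depends on nfcalloc presumably zero-filling the buffer, and it stops at the first NUL byte in the decoded data. That deserves a comment such as `/* decoded length counts padding; buffer is zero-filled, so strlen() yields the real challenge length */`.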