commit 842aa402c339d2394e9f8f25a06319dfcd31ad4b
parent e07de2a33656db2a56d9daf1f39048b3e8c14e88
Author: Oswald Buddenhagen <ossi@users.sf.net>
Date: Sat, 13 Apr 2013 10:47:46 +0200
fix CRAM-MD5 authentication
the decoded challenge may be padded, so we really need to use strlen()
rather than just the decoded length.
Diffstat:
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/socket.c b/src/socket.c
@@ -679,7 +679,7 @@ cram( const char *challenge, const char *user, const char *pass, char **_final,
{
char *response, *final;
unsigned hashlen;
- int i, clen, rlen, blen, flen, olen;
+ int i, clen, blen, flen, olen;
unsigned char hash[16];
char buf[256], hex[33];
HMAC_CTX hmac;
@@ -689,8 +689,8 @@ cram( const char *challenge, const char *user, const char *pass, char **_final,
clen = strlen( challenge );
/* response will always be smaller than challenge because we are decoding. */
response = nfcalloc( 1 + clen );
- rlen = EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen );
- HMAC_Update( &hmac, (unsigned char *)response, rlen );
+ EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen );
+ HMAC_Update( &hmac, (unsigned char *)response, strlen( response ) );
free( response );
hashlen = sizeof(hash);