https://bugs.exim.org/show_bug.cgi?id=2687
Bug ID: 2687
Summary: AUTH PLAIN should provide better support for quoting circumflexes
Product: Exim
Version: 4.94
Hardware: x86
OS: All
Status: NEW
Severity: bug
Priority: medium
Component: SMTP Authentication
Assignee: jgh146...@wizmail.org
Reporter: earl_c...@yahoo.com
CC: exim-dev@exim.org

Created attachment 1356
  --> https://bugs.exim.org/attachment.cgi?id=1356&action=edit
Test program illustrating defect, and a proposed solution

According to
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_plaintext_authenticator.html -

> If there are any single circumflex characters in the string, they are
> converted to NULs. Should an actual circumflex be required as data, it must
> be doubled in the string.

The present implementation (auths/get_data.c) uses the following:

    /* The character ^ is used as an escape for a binary zero character, which is
    needed for the PLAIN mechanism. It must be doubled if really needed. */

    for (int i = 0; i < len; i++)
      if (ss[i] == '^')
        if (ss[i+1] != '^')
          ss[i] = 0;
        else if (--len > ++i)
          memmove(ss + i, ss + i + 1, len - i);

This has odd behaviours in the following scenarios:

1. Quoting consecutive circumflexes (ie ^^^^)
2. Ending a word with a circumflex (ie word^^^) before a nul
3. Starting a word with a circumflex (ie ^^^word) after a nul

The attached test program illustrates the present behaviour ("current") and
compares it with proposed behaviour ("proposed"). (Note that the test output
uses @ in place of nul for the sake of legibility.)

Options:

1. Just fix the behaviour. This might break some existing configurations, and
   does not address the gap that it is presently not possible to start a word
   with a circumflex.
2. Add a way to indicate a new encoding that both fixes the behaviour, and
   allows a word to start with a circumflex.
3. Try to incorporate a fix, and to allow a word to start with a circumflex,
   using the present encoding.

The remainder of this report makes a proposal for (3), leaving options for (1)
and (2) for consideration by others.

The proposed syntax is somewhat odd so that the chance of breaking existing
configurations is reduced, while keeping the idea that pairs of circumflexes
are replaced by a single circumflex. It makes use of the fact that presently
three consecutive circumflexes is not useful because it results in two
circumflexes (IOW ^^^ results in ^^).

1. Two consecutive circumflexes followed by ^@ are replaced by a single nul.
   (^^^@ -> \0)
2. Two consecutive circumflexes followed by ^^ are replaced by a pair of
   circumflexes. (^^^^ -> ^^)
3. Three consecutive circumflexes followed by x, where x is neither @ nor ^,
   are replaced by a single circumflex, a single nul, and x. (^^^x -> ^\0x)
4. Two consecutive circumflexes are replaced by a single circumflex.
   (^^ -> ^)
5. A single circumflex is replaced by a single nul. (^ -> \0)

Rule 1 can be used to start a word with a circumflex
(eg ^^^@^^one^^^@^^two -> \0^one\0^two).

Rule 3 can be used to end a word with a circumflex
(eg ^one^^^two -> \0one^\0two).

Rule 2 and Rule 4 cause pairs of circumflexes to be replaced by single
circumflexes.

----
^one^two
    Current  @one@two
    Proposed @one@two
^one^^two
    Current  @one^two
    Proposed @one^two
^one^^^two
    Current  @one^^two
    Proposed @one^@two
^one^^^^two
    Current  @one^^@two
    Proposed @one^^two
^one^^^^^two
    Current  @one^^^two
    Proposed @one^^@two
^one^two^^
    Current  @one@two^
    Proposed @one@two^
^one^two^^^^
    Current  @one@two^^
    Proposed @one@two^^
^^^@^^one^^^@^^two
    Current  ^^@^one^^@^two
    Proposed @^one@^two
^one^^^two
    Current  @one^^two
    Proposed @one^@two
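
The quoted loop and the five proposed rules, side by side in C. This is an added example, not the attached test program and not part of the original report: only the body of `decode_current` comes from the report, while `decode_proposed`, `show`, the left-to-right rule ordering and the handling of a trailing `^^^` are assumptions, and the sample strings are constructed from the report's table.

```c
#include <stdio.h>
#include <string.h>
/* Current behaviour: the loop quoted in the report, in place on a NUL-terminated buffer. */
static size_t decode_current(char *ss, int len)
{
  for (int i = 0; i < len; i++)
    if (ss[i] == '^') {
      if (ss[i+1] != '^') ss[i] = 0;
      else if (--len > ++i) memmove(ss + i, ss + i + 1, (size_t)(len - i));
    }
  return (size_t)len;
}

/* Proposed rules 1-5, tried in order at each position, left to right (assumed
   matching order). A trailing "^^^" falls to rules 4 and 5 (also assumed). */
static size_t decode_proposed(const char *in, size_t len, char *out)
{
  size_t o = 0;
  for (size_t i = 0; i < len; ) {
    size_t run = 0;                      /* circumflexes at i, capped at 4 */
    while (run < 4 && i + run < len && in[i + run] == '^') run++;
    int more = run == 3 && i + 3 < len;  /* "^^^" followed by a non-circumflex */
    if (run == 0) out[o++] = in[i++];                                /* literal */
    else if (more && in[i+3] == '@') { out[o++] = 0; i += 4; }       /* rule 1 */
    else if (run == 4) { out[o++] = '^'; out[o++] = '^'; i += 4; }   /* rule 2 */
    else if (more) { out[o++] = '^'; out[o++] = 0; i += 3; }         /* rule 3 */
    else if (run >= 2) { out[o++] = '^'; i += 2; }                   /* rule 4 */
    else { out[o++] = 0; i += 1; }                                   /* rule 5 */
  }
  return o;
}

/* Decode a constructed sample (under 128 bytes); NUL is rendered as '@'. */
const char *show(const char *s, int proposed)
{
  static char buf[128];
  strcpy(buf, s);                        /* keeps the NUL the current loop peeks at */
  size_t n = proposed ? decode_proposed(s, strlen(s), buf) : decode_current(buf, (int)strlen(s));
  for (size_t i = 0; i < n; i++) if (buf[i] == 0) buf[i] = '@';
  buf[n] = '\0';
  return buf;
}

int main(void)
{
  const char *rows[] = { "^one^^^two", "^one^^^^two", "^one^two^^^^", "^^^@^^one^^^@^^two" };
  for (int r = 0; r < 8; r++)            /* each row: current, then proposed */
    printf("%-19s %-8s %s\n", rows[r/2], r%2 ? "proposed" : "current", show(rows[r/2], r%2));
}
```

In `decode_current` the character moved into position `i` by `memmove` is never examined, because the loop's `i++` steps past it; that skipped character is what produces the "current" results for three or more consecutive circumflexes.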