commit fcba3a3e29cac83e1b0be47721b98e2c9343516d
Author: Oswald Buddenhagen <[email protected]>
Date: Sat Apr 13 10:47:46 2013 +0200
fix CRAM-MD5 authentication
the decoded challenge may be padded, so we really need to use strlen()
rather than just the decoded length.
src/socket.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/socket.c b/src/socket.c
index c7eadcd..90c7ca0 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -679,7 +679,7 @@ cram( const char *challenge, const char *user, const char
*pass, char **_final,
{
char *response, *final;
unsigned hashlen;
- int i, clen, rlen, blen, flen, olen;
+ int i, clen, blen, flen, olen;
unsigned char hash[16];
char buf[256], hex[33];
HMAC_CTX hmac;
@@ -689,8 +689,8 @@ cram( const char *challenge, const char *user, const char
*pass, char **_final,
clen = strlen( challenge );
/* response will always be smaller than challenge because we are
decoding. */
response = nfcalloc( 1 + clen );
- rlen = EVP_DecodeBlock( (unsigned char *)response, (unsigned char
*)challenge, clen );
- HMAC_Update( &hmac, (unsigned char *)response, rlen );
+ EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge,
clen );
+ HMAC_Update( &hmac, (unsigned char *)response, strlen( response ) );
free( response );
hashlen = sizeof(hash);
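Review bot: The return value of EVP_DecodeBlock() is now discarded in the second hunk, so a challenge that is not valid base64 (the call returns -1) can no longer be told apart from a good one, and the HMAC is computed over whatever ended up in `response`. Keeping the result just for an error check, e.g. `if (EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen ) < 0)` followed by the function's failure path, would reject a malformed server challenge instead of answering it. `strlen( response )` also stops at the first NUL byte in the decoded data, and it stays in bounds only because the buffer is `1 + clen` bytes and presumably zero-filled by nfcalloc(); a comment such as `/* EVP_DecodeBlock() counts '=' padding in its return value; the buffer is zeroed, so strlen() yields the real length */` would record that dependency. cram()'s body starts and ends outside the hunk, so the appropriate error return is not visible here.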