Hi,

Please find attached two patches against v1.3.1 that,

1) increase the buffer size for passwords obtained via PassCmd
2) fix a seemingly faulty check in the SASL code.

Regarding (1): I am trying to use isync/mbsync with the XOAUTH2 SASL plugin in
order to sync my Gmail mail without having to use their "less secure apps"
feature. The current buffer is only 80 bytes long and there's no check to see
if we retrieved too much from PassCmd, thus silently truncating the password if
too long. OAuth access tokens easily exceed the 80 byte limit, so I simply
bumped it up to 512.

Regarding (2): It seems that this code would never have worked as the
if-statement appears to be inverted.

In case it matters, I am using the following SASL plugin for XOAUTH2
https://github.com/moriyoshi/cyrus-sasl-xoauth2

Thanks,

Felix Schlitter
From 54f7d1d7a6cd8fd6a49032df62902299d6898875 Mon Sep 17 00:00:00 2001
From: Felix Schlitter <felixschlit...@protonmail.com>
Date: Sun, 26 Apr 2020 07:47:38 +1200
Subject: [PATCH 1/2] Increase SASL password buffer size

---
 src/drv_imap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/drv_imap.c b/src/drv_imap.c
index 361d01c..929242f 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1867,7 +1867,7 @@ ensure_password( imap_server_conf_t *srvc )
 	if (cmd) {
 		FILE *fp;
 		int ret;
-		char buffer[80];
+		char buffer[512];
 
 		if (*cmd == '+') {
 			flushn();
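Review bot: `char buffer[512];` in ensure_password() only moves the limit; going by the cover message, nothing checks whether PassCmd produced more than the buffer holds, so a secret longer than 511 bytes would be cut off just as silently as one longer than 79 bytes is today. Please make the read fail with an error when the output does not fit instead of (or in addition to) raising the size, and give the size a named constant. The commit has a subject line only: add a body stating the reason (OAuth access tokens exceeding 80 bytes), and note that the subject says "SASL password" while the change is to the general PassCmd buffer.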
-- 
2.19.1

From 3556773e38ce9b76a934c8dce295c47c77711575 Mon Sep 17 00:00:00 2001
From: Felix Schlitter <felixschlit...@protonmail.com>
Date: Sun, 26 Apr 2020 07:47:56 +1200
Subject: [PATCH 2/2] Fix ctx->sasl_cont check

---
 src/drv_imap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/drv_imap.c b/src/drv_imap.c
index 929242f..b2725c4 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -2020,7 +2020,7 @@ do_sasl_auth( imap_store_t *ctx, imap_cmd_t *cmdp ATTR_UNUSED, const char *promp
 	sasl_interact_t *interact = NULL;
 	conn_iovec_t iov[2];
 
-	if (!ctx->sasl_cont) {
+	if (ctx->sasl_cont) {
 		error( "Error: IMAP wants more steps despite successful SASL authentication.\n" );
 		goto bail;
 	}
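Review bot: The new condition `if (ctx->sasl_cont)` does not match the error text two lines below it, "IMAP wants more steps despite successful SASL authentication". If `sasl_cont` is set while the SASL library still expects further steps, then the original `!ctx->sasl_cont` is exactly the case the message describes (the server sends another challenge after the client side has finished), and the inverted test would instead bail on every mechanism that needs more than one round trip. The commit message is empty; please state what `sasl_cont` means at this point in do_sasl_auth() and include the exchange that fails with the XOAUTH2 plugin, so it is clear whether the check or the handling of that extra server challenge needs changing.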
-- 
2.19.1

_______________________________________________
isync-devel mailing list
isync-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/isync-devel
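
The silent truncation described in the message (command output longer than a fixed buffer) can be turned into an explicit error. This is an added example, not code from isync or from the patches above; `read_secret_line`, `try_token` and the status constants are hypothetical names, and the tokens are constructed runs of 'A'.

```c
#include <stdio.h>
#include <string.h>

enum { SECRET_OK = 0, SECRET_EMPTY = -1, SECRET_TOO_LONG = -2 };

/* Hypothetical helper, not isync code: read one line from fp into out[cap]. */
static int read_secret_line(FILE *fp, char *out, size_t cap)
{
    size_t len;
    int c;

    if (cap < 2 || !fgets(out, (int)cap, fp))
        return SECRET_EMPTY;
    len = strlen(out);
    if (len && out[len - 1] == '\n') {      /* the whole line fit */
        out[--len] = '\0';
        return len ? SECRET_OK : SECRET_EMPTY;
    }
    /* No newline seen: output ended without one, or the buffer filled up. */
    c = fgetc(fp);
    if (c == EOF || c == '\n')
        return len ? SECRET_OK : SECRET_EMPTY;
    memset(out, 0, cap);                    /* never hand back a truncated secret */
    return SECRET_TOO_LONG;
}

/* Feed constructed "command output" (n 'A' bytes plus newline) to the reader. */
static int try_token(size_t n, char *out, size_t cap)
{
    FILE *fp = tmpfile();
    int ret;
    size_t i;
    if (!fp)
        return SECRET_EMPTY;
    for (i = 0; i < n; i++)
        fputc('A', fp);
    fputc('\n', fp);
    rewind(fp);
    ret = read_secret_line(fp, out, cap);
    fclose(fp);
    return ret;
}

int main(void)
{
    char small[80], large[512];
    printf("200-byte token, 80-byte buffer:  %d\n", try_token(200, small, sizeof small));
    printf("200-byte token, 512-byte buffer: %d\n", try_token(200, large, sizeof large));
    return 0;
}
```

A caller would report `SECRET_TOO_LONG` to the user rather than attempt authentication with a partial token.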
