From: Brendan Cully <brendan@kublai.com>
Date: Fri, 8 Sep 2006 17:30:33 +0000 (+0000)
Subject: Don't send protocol garbage to sasl_decode64 during POP authentication.
X-Git-Tag: mutt-1-5-14-rel~77
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f04d7a01565e4ede3968228132077c032bf7cfdc;p=mutt

Don't send protocol garbage to sasl_decode64 during POP authentication.
Also enable SASL plaintext: $foo_authenticators is a more general solution.
---

diff --git a/mutt_sasl.c b/mutt_sasl.c
index f089dea7..21fa0633 100644
--- a/mutt_sasl.c
+++ b/mutt_sasl.c
@@ -221,15 +221,10 @@ int mutt_sasl_client_new (CONNECTION* conn, sasl_conn_t** saslconn)
     return -1;
   }
 
-  /* set security properties. We use NOPLAINTEXT globally, since we can
-   * just fall back to LOGIN in the IMAP case anyway. If that doesn't
-   * work for POP, we can make it a flag or move this code into
-   * imap/auth_sasl.c */
   memset (&secprops, 0, sizeof (secprops));
   /* Work around a casting bug in the SASL krb4 module */
   secprops.max_ssf = 0x7fff;
   secprops.maxbufsize = M_SASL_MAXBUF;
-  secprops.security_flags |= SASL_SEC_NOPLAINTEXT;
   if (sasl_setprop (*saslconn, SASL_SEC_PROPS, &secprops) != SASL_OK)
   {
     dprint (1, (debugfile,
diff --git a/pop_auth.c b/pop_auth.c
index 8cb40fc0..930f5713 100644
--- a/pop_auth.c
+++ b/pop_auth.c
@@ -46,8 +46,7 @@ static pop_auth_res_t pop_auth_sasl (POP_DATA *pop_data, const char *method)
   char inbuf[LONG_STRING];
   const char* mech;
   const char *pc = NULL;
-  unsigned int len, olen;
-  unsigned char client_start;
+  unsigned int len, olen, client_start;
 
   if (mutt_sasl_client_new (pop_data->conn, &saslconn) < 0)
   {
@@ -74,7 +73,7 @@ static pop_auth_res_t pop_auth_sasl (POP_DATA *pop_data, const char *method)
     return POP_A_UNAVAIL;
   }
 
-  client_start = (olen > 0);
+  client_start = olen;
 
   mutt_message _("Authenticating (SASL)...");
 
@@ -93,11 +92,11 @@ static pop_auth_res_t pop_auth_sasl (POP_DATA *pop_data, const char *method)
       return POP_A_SOCKET;
     }
 
-    if (rc != SASL_CONTINUE)
+    if (!client_start && rc != SASL_CONTINUE)
       break;
 
     if (!mutt_strncmp (inbuf, "+ ", 2)
-        && sasl_decode64 (inbuf, strlen (inbuf), buf, LONG_STRING-1, &len) != SASL_OK)
+        && sasl_decode64 (inbuf+2, strlen (inbuf+2), buf, LONG_STRING-1, &len) != SASL_OK)
     {
       dprint (1, (debugfile, "pop_auth_sasl: error base64-decoding server response.\n"));
       goto bail;
@@ -112,7 +111,10 @@ static pop_auth_res_t pop_auth_sasl (POP_DATA *pop_data, const char *method)
 	mutt_sasl_interact (interaction);
       }
     else
+    {
+      olen = client_start;
       client_start = 0;
+    }
 
     if (rc != SASL_CONTINUE && (olen == 0 || rc != SASL_OK))
       break;