commit fcba3a3e29cac83e1b0be47721b98e2c9343516d Author: Oswald Buddenhagen <o...@users.sf.net> Date: Sat Apr 13 10:47:46 2013 +0200
fix CRAM-MD5 authentication the decoded challenge may be padded, so we really need to use strlen() rather than just the decoded length. src/socket.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/socket.c b/src/socket.c index c7eadcd..90c7ca0 100644 --- a/src/socket.c +++ b/src/socket.c @@ -679,7 +679,7 @@ cram( const char *challenge, const char *user, const char *pass, char **_final, { char *response, *final; unsigned hashlen; - int i, clen, rlen, blen, flen, olen; + int i, clen, blen, flen, olen; unsigned char hash[16]; char buf[256], hex[33]; HMAC_CTX hmac; @@ -689,8 +689,8 @@ cram( const char *challenge, const char *user, const char *pass, char **_final, clen = strlen( challenge ); /* response will always be smaller than challenge because we are decoding. */ response = nfcalloc( 1 + clen ); - rlen = EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen ); - HMAC_Update( &hmac, (unsigned char *)response, rlen ); + EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen ); + HMAC_Update( &hmac, (unsigned char *)response, strlen( response ) ); free( response ); hashlen = sizeof(hash); ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel