commit fcba3a3e29cac83e1b0be47721b98e2c9343516d
Author: Oswald Buddenhagen <o...@users.sf.net>
Date:   Sat Apr 13 10:47:46 2013 +0200

    fix CRAM-MD5 authentication
    
    the decoded challenge may be padded, so we really need to use strlen()
    rather than just the decoded length.

 src/socket.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/socket.c b/src/socket.c
index c7eadcd..90c7ca0 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -679,7 +679,7 @@ cram( const char *challenge, const char *user, const char 
*pass, char **_final,
 {
        char *response, *final;
        unsigned hashlen;
-       int i, clen, rlen, blen, flen, olen;
+       int i, clen, blen, flen, olen;
        unsigned char hash[16];
        char buf[256], hex[33];
        HMAC_CTX hmac;
@@ -689,8 +689,8 @@ cram( const char *challenge, const char *user, const char 
*pass, char **_final,
        clen = strlen( challenge );
        /* response will always be smaller than challenge because we are 
decoding. */
        response = nfcalloc( 1 + clen );
-       rlen = EVP_DecodeBlock( (unsigned char *)response, (unsigned char 
*)challenge, clen );
-       HMAC_Update( &hmac, (unsigned char *)response, rlen );
+       EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, 
clen );
+       HMAC_Update( &hmac, (unsigned char *)response, strlen( response ) );
        free( response );
 
        hashlen = sizeof(hash);
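Review bot: The return value of `EVP_DecodeBlock()` is now discarded in this hunk, so a server challenge that is not valid base64 (the call returns -1) is no longer detected. In that case `response` stays whatever the allocation left there (all zeros, assuming `nfcalloc` zeroes like `calloc`), and `strlen( response )` makes the HMAC run over an empty or partial challenge instead of aborting the login. I would keep the check, e.g. `if (EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen ) < 0)` followed by `free( response )` and the function's failure path; how `cram()` reports failure is not visible because its body continues outside the hunk. Since `strlen()` also stops at the first NUL in the server-controlled decoded data, a short comment such as `/* EVP_DecodeBlock() counts padding bytes; the challenge is text, so strlen() gives its real length */` would record why the decoded length is not used.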
