Change code in smtp.c and popsbr.c to treat bytes read from the
network as a byte array with a length, and not as a nul-terminated
C string.

This patch removes a call to strlen, which is always satisfying.


diff --git a/mts/smtp/smtp.c b/mts/smtp/smtp.c
index 00efde50..780a61c3 100644
--- a/mts/smtp/smtp.c
+++ b/mts/smtp/smtp.c
@@ -821,11 +821,12 @@ again: ;
 
 	if (doingEHLO
 	        && has_prefix_len(buffer, buflen, "250")
-	        && (buffer[3] == '-' || doingEHLO == 2)
-	        && buffer[4]) {
+	        && (has_prefix_len(buffer, buflen, "250-") || doingEHLO == 2)
+	        && buflen > 4) {
 	    if (doingEHLO == 2) {
-		if ((*ehlo = malloc ((size_t) (strlen (buffer + 4) + 1)))) {
-		    strcpy (*ehlo++, buffer + 4);
+		if ((*ehlo = malloc (buflen - 4 + 1))) {
+		    memcpy (*ehlo, buffer + 4, buflen - 4);
+		    *(*ehlo++ + buflen - 4) = '\0';
 		    *ehlo = NULL;
 		    if (ehlo >= EHLOkeys + MAXEHLO)
 			doingEHLO = 0;
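Review bot: The terminator store `*(*ehlo++ + buflen - 4) = '\0';` groups as `((*ehlo++) + buflen) - 4`, so the intermediate pointer goes past the end of the `buflen - 4 + 1` byte allocation before the subtraction brings it back. That is formally undefined pointer arithmetic, and the hidden post-increment makes the line hard to audit. Writing it as `(*ehlo)[buflen - 4] = '\0';` followed by `ehlo++;` keeps the arithmetic in bounds and makes the increment visible. The enclosing `if` body continues past the end of the hunk.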
@@ -841,8 +842,9 @@ again: ;
 	    continue;
 
 	cont = false;
-	code = atoi ((char *) bp);
-	bp += 3, buflen -= 3;
+	for (code = 0; buflen > 0 && isdigit (*bp); bp++, buflen--) {
+            code = code * 10 + (*bp - '0');
+	}
 	for (; buflen > 0 && isspace (*bp); bp++, buflen--)
 	    continue;
 	if (buflen > 0 && *bp == '-') {
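Review bot: The new digit loop has no upper bound on how many digits it consumes, so a reply line from the server that opens with a long run of digits overflows the signed `code` accumulator (undefined behaviour) and advances `bp` further than the three bytes the old `bp += 3` skipped. SMTP reply codes are three digits, so capping the loop, for example `for (code = 0, n = 0; n < 3 && buflen > 0 && isdigit (*bp); n++, bp++, buflen--)` with a new local `int n`, keeps the network-driven arithmetic bounded. If `bp` is ever a plain `char *`, the `isdigit`/`isspace` arguments need an `unsigned char` cast; the removed `(char *) bp` cast suggests it is already unsigned, but the declaration is outside the hunk. The loop body line is also indented with spaces where the surrounding code uses tabs.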
@@ -880,7 +882,7 @@ again: ;
 	    continue;
 	if (sm_reply.code < 100) {
 	    if (sm_verbose) {
-		puts(sm_reply.text);
+		printf("%.*s", sm_reply.length, sm_reply.text);
 		fflush (stdout);
 	    }
 	    goto again;
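Review bot: `puts` appended a newline and the `printf("%.*s", ...)` replacement does not, so verbose output for these replies now runs into whatever is printed next unless `sm_reply.text` already ends in a newline. `%.*s` also requires an `int` precision, and `sm_reply.length` is passed without the `(int)` cast that the other call sites in this patch use; its declaration is not visible here, so if it is not an `int` this is a mismatched variadic argument. Something like `printf("%.*s\n", (int) sm_reply.length, sm_reply.text);` would preserve the old output.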
@@ -1047,7 +1049,8 @@ sm_sasl_callback(enum sasl_message_type mtype, unsigned const char *indata,
 	}
 
 	if (!has_prefix_len(line, len, "334 ")) {
-	    netsec_err(errstr, "Improper SASL protocol response: %s", line);
+	    netsec_err(errstr, "Improper SASL protocol response: %.*s",
+	               (int) len, line);
 	    return NOTOK;
 	}
 
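Review bot: The `(int) len` precision is only safe while `len` fits in an `int`. Assuming `netsec_err` formats like `printf`, a negative precision is treated as if it were omitted, which would fall back to reading `line` up to a NUL, the behaviour this patch is removing. The line length is presumably bounded by the netsec buffer, but that bound is not visible in this hunk, so a short comment such as `/* len is bounded by the netsec line buffer, so it fits in an int */` (to be confirmed) or a clamp before the call would make the assumption explicit. The same cast appears in the two `Authentication failed` calls in the next hunk and in the two `netsec_err` calls that print `line` in uip/popsbr.c. The body of sm_sasl_callback starts and ends outside the hunk.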
@@ -1099,9 +1102,11 @@ sm_sasl_callback(enum sasl_message_type mtype, unsigned const char *indata,
 
 	if (!has_prefix_len(line, len, "235 ")) {
 	    if (len > 4)
-		netsec_err(errstr, "Authentication failed: %s", line + 4);
+		netsec_err(errstr, "Authentication failed: %.*s",
+		           (int) len - 4, line + 4);
 	    else
-		netsec_err(errstr, "Authentication failed: %s", line);
+		netsec_err(errstr, "Authentication failed: %.*s",
+		           (int) len, line);
 	    return NOTOK;
 	}
 	break;
diff --git a/uip/popsbr.c b/uip/popsbr.c
index d0059cb2..86fe019e 100644
--- a/uip/popsbr.c
+++ b/uip/popsbr.c
@@ -392,7 +392,7 @@ pop_sasl_callback(enum sasl_message_type mtype, unsigned const char *indata,
 		 * If the protocol is being followed correctly, should just
 		 * be a "+ ", nothing else.
 		 */
-		if (len != 2 || strcmp(line, "+ ") != 0) {
+		if (len != 2 || strncmp(line, "+ ", 2) != 0) {
 		    netsec_err(errstr, "Did not get expected blank response "
 			       "for initial challenge response");
 		    return NOTOK;
@@ -447,7 +447,7 @@ pop_sasl_callback(enum sasl_message_type mtype, unsigned const char *indata,
 	 */
 
 	if (has_prefix_len(line, len, "-ERR")) {
-	    netsec_err(errstr, "%s", line);
+	    netsec_err(errstr, "%.*s", (int) len, line);
 	    return NOTOK;
 	}
 
@@ -509,7 +509,7 @@ pop_sasl_callback(enum sasl_message_type mtype, unsigned const char *indata,
 	    return NOTOK;
 
 	if (!has_prefix_len(line, len, "+OK")) {
-	    netsec_err(errstr, "Authentication failed: %s", line);
+	    netsec_err(errstr, "Authentication failed: %.*s", (int) len, line);
 	    return NOTOK;
 	}
 	break;
