* Update to version 2.19.1

* Upgrade UW-IMAP to Panda IMAP from https://github.com/jonabbey/panda-imap. * Replace tabs by spaces in From and Subject fields to control for size in screen of these fields. Change only in index screen display.
author: Eduardo Chappa <chappa@washington.edu> 2013-11-02 02:51:18 -0600
committer: Eduardo Chappa <chappa@washington.edu> 2013-11-02 02:51:18 -0600
commit: 7fe712882b909931088a318c08041b0e7974a000 (patch)
tree: 2770f9b084e2efc7fc55e96e9bf4352cf2ff33a3 /imap/src/c-client/auth_md5.c
parent: bdfc834badee92ceeb2befe02f1d065ced5b9ddf (diff)
download: alpine-7fe712882b909931088a318c08041b0e7974a000.tar.xz
1 files changed, 24 insertions, 24 deletions
diff --git a/imap/src/c-client/auth_md5.c b/imap/src/c-client/auth_md5.c
index 29ab947d..f32ebc88 100644
--- a/imap/src/c-client/auth_md5.c
+++ b/imap/src/c-client/auth_md5.c
@@ -1,13 +1,5 @@
 /* ========================================================================
- * Copyright 1988-2007 University of Washington
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * 
+ * Copyright 2008-2011 Mark Crispin
  * ========================================================================
  */
 
@@ -15,15 +7,20 @@
  * Program:	CRAM-MD5 authenticator
  *
  * Author:	Mark Crispin
- *		Networks and Distributed Computing
- *		Computing & Communications
- *		University of Washington
- *		Administration Building, AG-44
- *		Seattle, WA  98195
- *		Internet: MRC@CAC.Washington.EDU
  *
  * Date:	21 October 1998
- * Last Edited:	30 January 2007
+ * Last Edited:	8 April 2011
+ *
+ * Previous versions of this file were
+ *
+ * Copyright 1988-2007 University of Washington
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
  */
 
 /* MD5 context */
@@ -49,7 +46,8 @@ long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
 char *auth_md5_server (authresponse_t responder,int argc,char *argv[]);
 char *auth_md5_pwd (char *user);
 char *apop_login (char *chal,char *user,char *md5,int argc,char *argv[]);
-char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl);
+char *hmac_md5 (char *hshbuf, char *text,unsigned long tl,char *key,
+		unsigned long kl);
 void md5_init (MD5CONTEXT *ctx);
 void md5_update (MD5CONTEXT *ctx,unsigned char *data,unsigned long len);
 void md5_final (unsigned char *digest,MD5CONTEXT *ctx);
@@ -97,7 +95,7 @@ long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
 		      char *service,NETMBX *mb,void *stream,
 		      unsigned long *trial,char *user)
 {
-  char pwd[MAILTMPLEN];
+  char pwd[MAILTMPLEN],hshbuf[2*MD5DIGLEN + 1];
   void *challenge;
   unsigned long clen;
   long ret = NIL;
@@ -112,7 +110,7 @@ long auth_md5_client (authchallenge_t challenger,authrespond_t responder,
       ret = LONGT;		/* will get a BAD response back */
     }
     else {			/* got password, build response */
-      sprintf (pwd,"%.65s %.33s",user,hmac_md5 (challenge,clen,
+      sprintf (pwd,"%.65s %.33s",user,hmac_md5 (hshbuf,challenge,clen,
 						pwd,strlen (pwd)));
       fs_give ((void **) &challenge);
 				/* send credentials, allow retry if OK */
@@ -146,7 +144,7 @@ static int md5try = MAXLOGINTRIALS;
 char *auth_md5_server (authresponse_t responder,int argc,char *argv[])
 {
   char *ret = NIL;
-  char *p,*u,*user,*authuser,*hash,chal[MAILTMPLEN];
+  char *p,*u,*user,*authuser,*hash,chal[MAILTMPLEN],hshbuf[2*MD5DIGLEN + 1];
   unsigned long cl,pl;
 				/* generate challenge */
   sprintf (chal,"<%lu.%lu@%s>",(unsigned long) getpid (),
@@ -161,7 +159,8 @@ char *auth_md5_server (authresponse_t responder,int argc,char *argv[])
 				/* get password */
       if (p = auth_md5_pwd ((authuser && *authuser) ? authuser : user)) {
 	pl = strlen (p);
-	u = (md5try && !strcmp (hash,hmac_md5 (chal,cl,p,pl))) ? user : NIL;
+	u = (md5try && !strcmp (hash,hmac_md5 (hshbuf,chal,cl,p,pl))) ?
+	  user : NIL;
 	memset (p,0,pl);	/* erase sensitive information */
 	fs_give ((void **) &p);	/* flush erased password */
 				/* now log in for real */
@@ -265,17 +264,18 @@ char *apop_login (char *chal,char *user,char *md5,int argc,char *argv[])
 
 /*
  * RFC 2104 HMAC hashing
- * Accepts: text to hash
+ * Accepts: destination buffer of size 2*MD5DIGLEN + 1
+ *	    text to hash
  *	    text length
  *	    key
  *	    key length
  * Returns: hash as text, always
  */
 
-char *hmac_md5 (char *text,unsigned long tl,char *key,unsigned long kl)
+char *hmac_md5 (char *hshbuf, char *text,unsigned long tl,char *key,
+		unsigned long kl)
 {
   int i,j;
-  static char hshbuf[2*MD5DIGLEN + 1];
   char *s;
   MD5CONTEXT ctx;
   char *hex = "0123456789abcdef";
author	Eduardo Chappa <chappa@washington.edu>	2013-11-02 02:51:18 -0600
committer	Eduardo Chappa <chappa@washington.edu>	2013-11-02 02:51:18 -0600
commit	7fe712882b909931088a318c08041b0e7974a000 (patch)
tree	2770f9b084e2efc7fc55e96e9bf4352cf2ff33a3 /imap/src/c-client/auth_md5.c
parent	bdfc834badee92ceeb2befe02f1d065ced5b9ddf (diff)
download	alpine-7fe712882b909931088a318c08041b0e7974a000.tar.xz