From bb598d500bcce509fa48ee7134ae632459cf1735 Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Sun, 27 Oct 2019 17:57:47 -0600 Subject: * Fix a bug in commit 418e8bc5789d... which made Alpine ignore a challenge during authentication using CRAM-MD5. The intention was to ignore the challenge in the PLAIN authentication. This made Alpine fail to authenticate when using the CRAM-MD5 authenticator. Reported by Stefan Mueller. --- imap/src/c-client/auth_pla.c | 2 ++ imap/src/c-client/smtp.c | 12 +++++------- pith/pine.hlp | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/imap/src/c-client/auth_pla.c b/imap/src/c-client/auth_pla.c index 6cc26c7..7888b23 100644 --- a/imap/src/c-client/auth_pla.c +++ b/imap/src/c-client/auth_pla.c @@ -65,11 +65,13 @@ long auth_plain_client (authchallenge_t challenger,authrespond_t responder, /* get initial (empty) challenge */ if ((challenge = (*challenger) (stream,&clen)) != NULL) { fs_give ((void **) &challenge); +#if 0 if (clen) { /* abort if challenge non-empty */ mm_log ("Server bug: non-empty initial PLAIN challenge",WARN); (*responder) (stream,NIL,0); ret = LONGT; /* will get a BAD response back */ } +#endif mm_login (mb,user, &pwd,*trial); if (!pwd) { /* empty challenge or user requested abort */ (*responder) (stream,NIL,0); diff --git a/imap/src/c-client/smtp.c b/imap/src/c-client/smtp.c index c79d9cf..d1c9a7c 100644 --- a/imap/src/c-client/smtp.c +++ b/imap/src/c-client/smtp.c @@ -357,14 +357,12 @@ void *smtp_challenge (void *s,unsigned long *len) char tmp[MAILTMPLEN]; void *ret = NIL; SENDSTREAM *stream = (SENDSTREAM *) s; - if (stream->replycode == SMTPAUTHREADY){ - if(!(ret = rfc822_base64 ((unsigned char *) stream->reply + 4, + if ((stream->replycode == SMTPAUTHREADY) && + !(ret = rfc822_base64 ((unsigned char *) stream->reply + 4, strlen (stream->reply + 4),len))) { - sprintf (tmp,"SMTP SERVER BUG (invalid challenge, continuing): %.80s",stream->reply+4); - mm_log (tmp,ERROR); - ret = cpystr(""); /* This is silly: fake a reply, it will be ignored */ - } - *len = 0L; /* This is even sillier, fake challenge is empty... */ + sprintf (tmp,"SMTP SERVER BUG (invalid challenge, continuing): %.80s",stream->reply+4); + mm_log (tmp,ERROR); + ret = cpystr(""); /* This is silly: fake a reply, it will be ignored */ } return ret; } diff --git a/pith/pine.hlp b/pith/pine.hlp index 5219650..2e7438a 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 373 2019-10-08 21:05:01 +Alpine Commit 374 2019-10-27 17:57:41 ============= h_news ================= -- cgit v1.2.3-54-g00ecf