Index: smtp.c
===================================================================
RCS file: /home/cvs/debian/fetchmail/smtp.c,v
retrieving revision 1.6
diff -u -r1.6 smtp.c
--- smtp.c	13 Mar 2002 03:26:15 -0000	1.6
+++ smtp.c	23 Mar 2002 17:04:58 -0000
@@ -71,7 +71,7 @@
 	if (strstr(buf, "CRAM-MD5")) {
 		unsigned char digest[16];
 		static char ascii_digest[33];
-		memset(digest, 0, 16);
+		memset(digest, 0, sizeof(digest));
 
 		if (outlevel >= O_MONITOR)
 			report(stdout, GT_("ESMTP CRAM-MD5 Authentication...\n"));
@@ -89,7 +89,14 @@
 
 		p = strchr(tmp, ' ');
 		p++;
-		from64tobits(b64buf, p, sizeof(b64buf));
+		/* (hmh) from64tobits will not NULL-terminate strings! */
+		if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+			if (outlevel >= O_MONITOR)
+				report(stdout, GT_("Bad base64 reply from server.\n"));
+			SockPrintf(sock, "*\r\n");
+			SockRead(sock, smtp_response, sizeof(smtp_response) - 1);
+			return;
+		}
 		if (outlevel >= O_DEBUG)
 			report(stdout, GT_("Challenge decoded: %s\n"), b64buf);
 		hmac_md5(password, strlen(password),
@@ -145,14 +152,27 @@
 
 		p = strchr(tmp, ' ');
 		p++;
-		from64tobits(b64buf, p, sizeof(b64buf));
+		if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+			if (outlevel >= O_MONITOR)
+				report(stdout, GT_("Bad base64 reply from server.\n"));
+			SockPrintf(sock, "*\r\n");
+			SockRead(sock, smtp_response, sizeof(smtp_response) - 1);
+			return;
+		}
 		to64frombits(b64buf, username, strlen(username));
 		SockPrintf(sock, "%s\r\n", b64buf);
 		SockRead(sock, smtp_response, sizeof(smtp_response) - 1);
 		strncpy(tmp, smtp_response, sizeof(tmp));
 		p = strchr(tmp, ' ');
 		p++;
-		from64tobits(b64buf, p, sizeof(b64buf));
+		memset(b64buf, 0, sizeof(b64buf));
+		if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+			if (outlevel >= O_MONITOR)
+				report(stdout, GT_("Bad base64 reply from server.\n"));
+			SockPrintf(sock, "*\r\n");
+			SockRead(sock, smtp_response, sizeof(smtp_response) - 1);
+			return;
+		}
 		to64frombits(b64buf, password, strlen(password));
 		SockPrintf(sock, "%s\r\n", b64buf);
 		SMTP_ok(sock);
@@ -164,7 +184,7 @@
 /* send a "EHLO" message to the SMTP listener, return extension status bits */
 {
   struct opt *hp;
-  char auth_response[256];
+  char auth_response[511];
 
   SockPrintf(sock,"%cHLO %s\r\n", (smtp_mode == 'S') ? 'E' : smtp_mode, host);
   if (outlevel >= O_MONITOR)