fetchmail-friends

Re: [fetchmail]Re: Kerberos4 authentication broken in fetchmail >= 5.9.1

2002-04-10 11:18:02
On Sat, 06 Apr 2002, Ronald Wahl wrote:
diff -uNr fetchmail-5.9.11.orig/base64.c fetchmail-5.9.11/base64.c
--- fetchmail-5.9.11.orig/base64.c    2001-10-03 11:37:33.000000000 +0200
+++ fetchmail-5.9.11/base64.c 2002-04-06 12:20:33.000000000 +0200
@@ -78,17 +78,21 @@
          return(-1);
      in += 4;
      ++len;
-     if (len && len >= maxlen)       /* prevent buffer overflow */
+     if (len && len > maxlen)        /* prevent buffer overflow */
          return(-1);
      *out++ = (DECODE64(digit1) << 2) | (DECODE64(digit2) >> 4);
      if (digit3 != '=')
      {
-         *out++ = ((DECODE64(digit2) << 4) & 0xf0) | (DECODE64(digit3) >> 2);
          ++len;
+         if (len && len > maxlen)    /* prevent buffer overflow */
+             return(-1);
+         *out++ = ((DECODE64(digit2) << 4) & 0xf0) | (DECODE64(digit3) >> 2);
          if (digit4 != '=')
          {
-             *out++ = ((DECODE64(digit3) << 6) & 0xc0) | DECODE64(digit4);
              ++len;
+             if (len && len > maxlen)        /* prevent buffer overflow */
+                 return(-1);
+             *out++ = ((DECODE64(digit3) << 6) & 0xc0) | DECODE64(digit4);
          }
      }
     } while 
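
Review bot: The len && term in all three checks is evaluated right after ++len, so it is true whenever len started non-negative and the condition reduces to len > maxlen. If a maxlen of 0 is meant to mean "no limit", the test has to be on maxlen (maxlen && len > maxlen); otherwise drop the term. Relaxing >= to > in the first check also lets the decoder fill exactly maxlen bytes, so any caller that appends a terminating NUL afterwards must pass a maxlen one smaller than its buffer; a comment stating that contract next to the check would help. Placing the second and third checks ahead of their *out++ stores is the right order.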

Good patch, but not good enough. Replace all len && with maxlen &&. This
base64.c function has been utterly fubared for quite a while, it seems...

 #ifdef KERBEROS_V4
+#if 0
      if (ctl->server.authenticate == A_KERBEROS_V4)
      {
          set_timeout(mytimeout);
@@ -901,6 +902,7 @@
          if (err != 0)
              goto cleanUp;
      }
+#endif
 #endif /* KERBEROS_V4 */
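
Review bot: The #if 0 added directly under #ifdef KERBEROS_V4 carries no comment and reads like a local debugging workaround rather than a fix. It compiles out the whole A_KERBEROS_V4 branch shown here, including set_timeout(mytimeout) and the err != 0 check that jumps to cleanUp, so a build with KERBEROS_V4 defined no longer executes this code at all. Either drop these two lines from the patch or replace them with a targeted change and a comment explaining what in this branch was failing.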

Err, why do you need to disable the alarm timeout for Kerberos IV to work on
your machine?

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

