We could read authid past the buffer if \0password wasn't given in input.

--HG--
branch : HEAD

diff --git a/src/auth/mech-plain.c b/src/auth/mech-plain.c
index d530bee74e78e758afe62f083877f98374dc35dc..f639e6bfa21a1b47b4dace886ebdba310e6b9c26 100644 (file)
--- a/src/auth/mech-plain.c
+++ b/src/auth/mech-plain.c
@@ -42,10 +42,10 @@ mech_plain_auth_continue(struct auth_request *auth_request,
                }
        }
 
-       if (authenid == NULL) {
+       if (count != 2) {
                /* invalid input */
                if (verbose) {
-                       i_info("plain(%s): no username given",
+                       i_info("plain(%s): invalid input",
                               get_log_prefix(auth_request));
                }
                mech_auth_finish(auth_request, NULL, 0, FALSE);