]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
pop3-login: Properly recognize an empty SASL initial response.
authorStephan Bosch <stephan.bosch@dovecot.fi>
Sat, 25 Nov 2017 14:57:16 +0000 (15:57 +0100)
committerTimo Sirainen <timo.sirainen@dovecot.fi>
Tue, 28 Nov 2017 00:36:19 +0000 (02:36 +0200)
Pass only the empty string to the auth service and not "=".

src/pop3-login/client-authenticate.c

index da419ef78915ffd9e189e745d4b6217f94640dfe..24b9030099e76064a82761fc7427609ab67f2e85 100644 (file)
@@ -80,7 +80,7 @@ bool cmd_auth(struct pop3_client *pop3_client, const char *args)
 {
        struct client *client = &pop3_client->common;
        const struct auth_mech_desc *mech;
-       const char *mech_name, *p;
+       const char *mech_name, *init_resp, *p;
 
        if (*args == '\0') {
                /* Old-style SASL discovery, used by MS Outlook */
@@ -100,13 +100,21 @@ bool cmd_auth(struct pop3_client *pop3_client, const char *args)
        p = strchr(args, ' ');
        if (p == NULL) {
                mech_name = args;
-               args = NULL;
+               /* no initial response */
+               init_resp = NULL;
        } else {
                mech_name = t_strdup_until(args, p);
-               args = p+1;
+               init_resp = p + 1;
+               if (*init_resp == '\0') {
+                       /* no initial response */
+                       init_resp = NULL;
+               } else if (strcmp(init_resp, "=") == 0) {
+                       /* empty initial response */
+                       init_resp = "";
+               }
        }
 
-       (void)client_auth_begin(client, mech_name, args);
+       (void)client_auth_begin(client, mech_name, init_resp);
        return TRUE;
 }