fix CRAM-MD5 authentication
the decoded challenge may be padded, so we really need to use strlen() rather than just the decoded length.
parent
e07de2a336
commit
842aa402c3
|
@ -679,7 +679,7 @@ cram( const char *challenge, const char *user, const char *pass, char **_final,
|
||||||
{
|
{
|
||||||
char *response, *final;
|
char *response, *final;
|
||||||
unsigned hashlen;
|
unsigned hashlen;
|
||||||
int i, clen, rlen, blen, flen, olen;
|
int i, clen, blen, flen, olen;
|
||||||
unsigned char hash[16];
|
unsigned char hash[16];
|
||||||
char buf[256], hex[33];
|
char buf[256], hex[33];
|
||||||
HMAC_CTX hmac;
|
HMAC_CTX hmac;
|
||||||
|
@ -689,8 +689,8 @@ cram( const char *challenge, const char *user, const char *pass, char **_final,
|
||||||
clen = strlen( challenge );
|
clen = strlen( challenge );
|
||||||
/* response will always be smaller than challenge because we are decoding. */
|
/* response will always be smaller than challenge because we are decoding. */
|
||||||
response = nfcalloc( 1 + clen );
|
response = nfcalloc( 1 + clen );
|
||||||
rlen = EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen );
|
EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen );
|
||||||
HMAC_Update( &hmac, (unsigned char *)response, rlen );
|
HMAC_Update( &hmac, (unsigned char *)response, strlen( response ) );
|
||||||
free( response );
|
free( response );
|
||||||
|
|
||||||
hashlen = sizeof(hash);
|
hashlen = sizeof(hash);
|
||||||
|
|
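Review bot: The new `EVP_DecodeBlock( ... )` call in the second hunk discards its return value, so a server challenge that is not valid base64 (the call returns -1) goes undetected and the HMAC is computed over whatever is in `response`, presumably an empty string if `nfcalloc` zero-fills. Keep the result and bail out before `HMAC_Update`, e.g. `rlen = EVP_DecodeBlock( ... );` followed by `if (rlen < 0) { free( response ); /* fail the exchange */ }`. Separately, `strlen( response )` stops at the first NUL, so a challenge that decodes to data containing a zero byte is silently truncated before hashing; subtracting the number of trailing `=` characters in `challenge` from the returned length gives the exact size without relying on NUL termination. The body of `cram()` begins and ends outside these hunks, so the appropriate error path is not visible here.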