fix CRAM-MD5 authentication

the decoded challenge may be padded, so we really need to use strlen()
rather than just the decoded length.
This commit is contained in:
Oswald Buddenhagen 2013-04-13 10:47:46 +02:00
parent e07de2a336
commit 842aa402c3

View File

@ -679,7 +679,7 @@ cram( const char *challenge, const char *user, const char *pass, char **_final,
{
char *response, *final;
unsigned hashlen;
int i, clen, rlen, blen, flen, olen;
int i, clen, blen, flen, olen;
unsigned char hash[16];
char buf[256], hex[33];
HMAC_CTX hmac;
@ -689,8 +689,8 @@ cram( const char *challenge, const char *user, const char *pass, char **_final,
clen = strlen( challenge );
/* response will always be smaller than challenge because we are decoding. */
response = nfcalloc( 1 + clen );
rlen = EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen );
HMAC_Update( &hmac, (unsigned char *)response, rlen );
EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen );
HMAC_Update( &hmac, (unsigned char *)response, strlen( response ) );
free( response );
hashlen = sizeof(hash);