summaryrefslogtreecommitdiff
path: root/network/dsniff/patches/rewrite-and-modernize-POP-decoder.patch
diff options
context:
space:
mode:
Diffstat (limited to 'network/dsniff/patches/rewrite-and-modernize-POP-decoder.patch')
-rw-r--r--network/dsniff/patches/rewrite-and-modernize-POP-decoder.patch128
1 files changed, 128 insertions, 0 deletions
diff --git a/network/dsniff/patches/rewrite-and-modernize-POP-decoder.patch b/network/dsniff/patches/rewrite-and-modernize-POP-decoder.patch
new file mode 100644
index 0000000000..1203a47c91
--- /dev/null
+++ b/network/dsniff/patches/rewrite-and-modernize-POP-decoder.patch
@@ -0,0 +1,128 @@
+
+Debian bug #647583
+Rewrite and modernize POP decoder
+
+diff --git a/decode_pop.c b/decode_pop.c
+index 04044f5..767da41 100644
+--- a/decode_pop.c
++++ b/decode_pop.c
+@@ -6,6 +6,8 @@
+ * Copyright (c) 2000 Dug Song <dugsong@monkey.org>
+ *
+ * $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
++ *
++ * Rewritten by Stefan Tomanek 2011 <stefan@pico.ruhr.de>
+ */
+
+ #include "config.h"
+@@ -45,32 +47,88 @@ int
+ decode_pop(u_char *buf, int len, u_char *obuf, int olen)
+ {
+ char *p;
++ char *s;
++ int n;
+ int i, j;
++ char *user;
++ char *password;
++ enum {
++ NONE,
++ AUTHPLAIN,
++ AUTHLOGIN,
++ USERPASS
++ } mode = NONE;
++
+
+ obuf[0] = '\0';
+
+ for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
+- if (strncasecmp(p, "AUTH PLAIN", 10) == 0 ||
+- strncasecmp(p, "AUTH LOGIN", 10) == 0) {
+- strlcat(obuf, p, olen);
+- strlcat(obuf, "\n", olen);
+-
+- /* Decode SASL auth. */
+- for (i = 0; i < 2 && (p = strtok(NULL, "\r\n")); i++) {
+- strlcat(obuf, p, olen);
+- j = base64_pton(p, p, strlen(p));
+- p[j] = '\0';
+- strlcat(obuf, " [", olen);
+- strlcat(obuf, p, olen);
+- strlcat(obuf, "]\n", olen);
++ if (mode == NONE) {
++ user = NULL;
++ password = NULL;
++ if (strncasecmp(p, "AUTH PLAIN", 10) == 0) {
++ mode = AUTHPLAIN;
++ continue;
++ }
++ if (strncasecmp(p, "AUTH LOGIN", 10) == 0) {
++ mode = AUTHLOGIN;
++ continue;
++ }
++ if (strncasecmp(p, "USER ", 5) == 0) {
++ mode = USERPASS;
++ /* the traditional login cuts right to the case,
++ * so no continue here
++ */
+ }
+ }
+- /* Save regular POP2, POP3 auth info. */
+- else if (strncasecmp(p, "USER ", 5) == 0 ||
+- strncasecmp(p, "PASS ", 5) == 0 ||
+- strncasecmp(p, "HELO ", 5) == 0) {
+- strlcat(obuf, p, olen);
+- strlcat(obuf, "\n", olen);
++ printf("(%d) %s\n", mode, p);
++ if (mode == USERPASS) {
++ if (strncasecmp(p, "USER ", 5) == 0) {
++ user = &p[5];
++ } else if (strncasecmp(p, "PASS ", 5) == 0) {
++ password = &p[5];
++ }
++ }
++
++ if (mode == AUTHPLAIN) {
++ j = base64_pton(p, p, strlen(p));
++ p[j] = '\0';
++ n = 0;
++ s = p;
++ /* p consists of three parts, divided by \0 */
++ while (s <= &p[j] && n<=3) {
++ if (n == 0) {
++ /* we do not process this portion yet */
++ } else if (n == 1) {
++ user = s;
++ } else if (n == 2) {
++ password = s;
++ }
++ n++;
++ while (*s) s++;
++ s++;
++ }
++ }
++
++ if (mode == AUTHLOGIN) {
++ j = base64_pton(p, p, strlen(p));
++ p[j] = '\0';
++ if (! user) {
++ user = p;
++ } else {
++ password = p;
++ /* got everything we need :-) */
++ }
++ }
++
++ if (user && password) {
++ strlcat(obuf, "\nusername [", olen);
++ strlcat(obuf, user, olen);
++ strlcat(obuf, "] password [", olen);
++ strlcat(obuf, password, olen);
++ strlcat(obuf, "]\n", olen);
++
++ mode = NONE;
+ }
+ }
+ return (strlen(obuf));
+--
+1.7.5.4
+