I have patch netqmail-1.05 with netqmail-1.05-tls-smtpauth-20040207.patch
and have had a problem with both types of AUTH PLAIN. I am always getting
'501 malformed auth input' with either of the following :-
1) AUTH PLAIN with base64 on the same line
2) AUTH PLAIN on its own line followed by base64 on a following line
I have narrowed this down to the version of base64.c that is included in
the patch.
In auth_plain() the following happens :-
if (r = b64decode(authin.s,authin.len,&resp) ...
This is fine, resp.s is a pointer to the decoded input from either type of
AUTH PLAIN command, BUT resp.len is 0. The base64.c shipped in the patch
does not update the len part of the string struct. I have reverted to the
base64.c that shipped originally with Mrs Brisby's patch and all works
fine.
As a point of interest I had a look to see why AUTH LOGIN works fine and
the code for AUTH LOGIN does not use resp.len for anything where as AUTH
PLAIN uses resp.len to see if there is enough information to break it
down into id, user, pass.
I think I am right, I am just suprised that it has not been seen before.
If there is a problem with the base64.c in Mrs Brisby's patch let me know
and I will have a look at fixing the one included in Bill Shupp's patch.
