Null-terminate buffer in mbx_copy() in dropsbr.c. Noticed by

[nmh] / mts / smtp / smtp.c

diff --git a/mts/smtp/smtp.c b/mts/smtp/smtp.c
index 08b77498631f93c75671ce06c6a292e72943f7a2..7177e5d59ea330f086a2323f4576dcbb0042980f 100644 (file)
--- a/mts/smtp/smtp.c
+++ b/mts/smtp/smtp.c
@@ -9,7 +9,6 @@
 #include <h/mh.h>
 #include "smtp.h"
 #include <h/mts.h>
-#include <signal.h>
 #include <h/signals.h>
 
 #ifdef CYRUS_SASL
@@ -819,7 +818,7 @@ sm_auth_sasl(char *user, int saslssf, char *mechlist, char *inhost)
     sasl_security_properties_t secprops;
     sasl_ssf_t *ssf;
     int *outbufmax;
-    char *pass = NULL;
+    struct nmh_creds creds = { 0, 0, 0 };
 
     /*
      * Initialize the callback contexts
@@ -855,12 +854,15 @@ sm_auth_sasl(char *user, int saslssf, char *mechlist, char *inhost)
        strncpy(host, inhost, sizeof(host) - 1);
     }
 
-    callbacks[SM_SASL_N_CB_USER].context = user;
-    callbacks[SM_SASL_N_CB_AUTHNAME].context = user;
+    nmh_get_credentials (host, user, 0, &creds);
 
+    /* It's OK to copy the creds pointers here.  The callbacks that
+       use them will only be called before this function returns. */
+    callbacks[SM_SASL_N_CB_USER].context = creds.user;
+    callbacks[SM_SASL_N_CB_AUTHNAME].context = creds.user;
     sasl_pw_context[0] = host;
-    sasl_pw_context[1] = user;
-    sasl_pw_context[2] = pass;
+    sasl_pw_context[1] = creds.user;
+    sasl_pw_context[2] = creds.password;
 
     callbacks[SM_SASL_N_CB_PASS].context = sasl_pw_context;
 
@@ -961,7 +963,6 @@ sm_auth_sasl(char *user, int saslssf, char *mechlist, char *inhost)
        } else {
            result = sasl_decode64(sm_reply.text, sm_reply.length,
                                   outbuf, sizeof(outbuf), &outlen);
-       
            if (result != SASL_OK) {
                smtalk(SM_AUTH, "*");
                sm_ierror("SASL base64 decode failed: %s",