From: David Levine <levinedl@acm.org>
Date: Fri, 11 Sep 2020 00:55:26 +0000 (-0400)
Subject: Fixed memory corruption in post(1) and inc(1) when using XOAUTH2.
X-Git-Url: https://diplodocus.org/git/nmh/commitdiff_plain/be5ee307cc4ab5db4387fea8d5f6b8caf748ab31?hp=4d5d51e903a42c23800540930244448c4aacae16

Fixed memory corruption in post(1) and inc(1) when using XOAUTH2.

An internal table for the oauth entries was initially sized at 4,
and then reallocated if the user had more than 4.  However, the
reallocation didn't account for the size of the allocated
structure.

Also, increased the initial size to 16, trading off slightly
increased memory usage for performance.

Fix to commit 29ff4f879.
---

diff --git a/docs/pending-release-notes b/docs/pending-release-notes
index a2c415c9..fb18fde8 100644
--- a/docs/pending-release-notes
+++ b/docs/pending-release-notes
@@ -57,3 +57,5 @@ BUG FIXES
   component.
 - Fixed source charset in mhfixmsg textcharset verbose output.
 - Fixed file descriptor leak in mhfixmsg when run on multiple input files.
+- Fixed memory corruption in post(1) and inc(1) when using XOAUTH2,
+  with 4 or more entries in the oauth-authservice file.
diff --git a/sbr/oauth.c b/sbr/oauth.c
index 0c13f3bf..c4509fda 100644
--- a/sbr/oauth.c
+++ b/sbr/oauth.c
@@ -590,7 +590,8 @@ find_or_alloc_user_creds(struct user_creds user_creds[], const char *user)
     }
     if (user_creds->alloc == user_creds->len) {
         user_creds->alloc *= 2;
-        user_creds->creds = mh_xrealloc(user_creds->creds, user_creds->alloc);
+        user_creds->creds = mh_xrealloc(user_creds->creds,
+                                        user_creds->alloc * sizeof *user_creds->creds);
     }
     creds = user_creds->creds+user_creds->len;
     user_creds->len++;
@@ -625,7 +626,7 @@ load_creds(struct user_creds **result, FILE *fp, mh_oauth_ctx *ctx)
 
     struct user_creds *user_creds;
     NEW(user_creds);
-    user_creds->alloc = 4;
+    user_creds->alloc = 16;
     user_creds->len = 0;
     user_creds->creds = mh_xmalloc(user_creds->alloc * sizeof *user_creds->creds);
 
diff --git a/test/oauth/test-send b/test/oauth/test-send
index 4d5a850a..3d1a7bd6 100755
--- a/test/oauth/test-send
+++ b/test/oauth/test-send
@@ -156,6 +156,65 @@ test_send
 
 check_creds
 
+# TEST
+start_test 'fill all slots in creds table'
+
+setup_draft
+
+fake_creds <<EOF
+access-nobody@example.com: test-access
+refresh-nobody@example.com: test-refresh
+expire-nobody@example.com: 2000000000
+access-nobody2@example.com: test-access
+refresh-nobody2@example.com: test-refresh
+expire-nobody2@example.com: 2000000000
+access-nobody3@example.com: test-access
+refresh-nobod3y@example.com: test-refresh
+expire-nobody3@example.com: 2000000000
+access-nobody4@example.com: test-access
+refresh-nobody4@example.com: test-refresh
+expire-nobody4@example.com: 2000000000
+access-nobody5@example.com: test-access
+refresh-nobody5@example.com: test-refresh
+expire-nobody5@example.com: 2000000000
+access-nobody6@example.com: test-access
+refresh-nobody6@example.com: test-refresh
+expire-nobody6@example.com: 2000000000
+access-nobody7@example.com: test-access
+refresh-nobody7@example.com: test-refresh
+expire-nobody7@example.com: 2000000000
+access-nobody8@example.com: test-access
+refresh-nobody8@example.com: test-refresh
+expire-nobody8@example.com: 2000000000
+access-nobody9@example.com: test-access
+refresh-nobody9@example.com: test-refresh
+expire-nobody9@example.com: 2000000000
+access-nobody10@example.com: test-access
+refresh-nobody10@example.com: test-refresh
+expire-nobody10@example.com: 2000000000
+access-nobody11@example.com: test-access
+refresh-nobody11@example.com: test-refresh
+expire-nobody11@example.com: 2000000000
+access-nobody12@example.com: test-access
+refresh-nobody12@example.com: test-refresh
+expire-nobody12@example.com: 2000000000
+access-nobody13@example.com: test-access
+refresh-nobody13@example.com: test-refresh
+expire-nobody13@example.com: 2000000000
+access-nobody14@example.com: test-access
+refresh-nobody14@example.com: test-refresh
+expire-nobody14@example.com: 2000000000
+access-nobody15@example.com: test-access
+refresh-nobody15@example.com: test-refresh
+expire-nobody15@example.com: 2000000000
+access-nobody16@example.com: test-access
+refresh-nobody16@example.com: test-refresh
+expire-nobody16@example.com: 2000000000
+EOF
+
+start_fakesmtp
+run_test "send -draft -server 127.0.0.1 -port ${smtp_port} -sasl -saslmech xoauth2 -authservice test -user nobody@example.com"
+
 #
 # fail cases
 #