From ca22cc0abe93c28f3d296d99c239413bb0d079c4 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 12 Jan 2021 15:36:09 +0000 Subject: Auths: in plaintext authenticator, fix parsing of consecutive circuflex. Bug 2687 --- doc/doc-docbook/spec.xfpt | 9 ++++++++- doc/doc-txt/ChangeLog | 7 +++++++ 2 files changed, 15 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 4c79e87cf..15b03eabb 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -27824,7 +27824,14 @@ fixed_plain: client_send = ^username^mysecret .endd The lack of colons means that the entire text is sent with the AUTH -command, with the circumflex characters converted to NULs. A similar example +command, with the circumflex characters converted to NULs. +.new +Note that due to the ambiguity of parsing three consectutive circumflex characters +there is no way to provide a password having a leading circumflex. +.wen + + +A similar example that uses the LOGIN mechanism is: .code fixed_login: diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index d9e979c33..87bf0d009 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -170,6 +170,13 @@ JH/34 Fix the placement of a multiple-message delivery marker in the delivery JH/35 Bug 2343: Harden exim_tidydb against corrupt wait- files. +JH/36 Bug 2687: Fix interpretation of multiple ^ chars in a plaintext + authenticator client_send option. Previously the next char, after a pair + was collapsed, was taken verbatim (so ^^^foo became ^^foo; ^^^^foo became + ^^\x00foo). Fixed to get ^\x00foo and ^^foo respectively to match the + documentation. There is still no way to get a leading ^ immediately + after a NUL (ie. for the password of a PLAIN method authenticator. + Exim version 4.94 ----------------- -- cgit v1.2.3