gen-smtp / gen_smtp

The extensible Erlang SMTP client and server library.

crash if AUTH PLAIN followed by non-Base64-encoded string #84

Open zxcat opened 9 years ago

zxcat commented 9 years ago

File: gen_smtp/src/gen_smtp_server_session.erl. Getting crash here in base64:decode:

<<"PLAIN">> when Parameters =/= false ->
  % TODO - duplicated below in handle_request waitingauth PLAIN
  case binstr:split(base64:decode(Parameters), <<0>>) of

Example: the command AUTH PLAIN z will crash the server.

mworrell commented 5 years ago

Allowing illegal base64 strings will make the server a bit more robust against random input. (And less noisy in the logs.)
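One way to keep the crash reported in this issue out of the session process, as an added example that is not gen_smtp's own code: the module and function names are hypothetical, and the standard library's binary:split/3 stands in for the binstr:split call shown in the issue.

```erlang
-module(auth_plain_example).
-export([decode_plain/1, demo/0]).

%% Decode the parameter of "AUTH PLAIN <param>" and return a tagged result
%% instead of letting malformed client input raise inside the session.
%% A caller can map {error, _} to a 501 reply, which RFC 4954 requires when
%% the server cannot base64-decode a client response.
-spec decode_plain(binary()) ->
    {ok, {binary(), binary(), binary()}} |
    {error, invalid_base64 | malformed_plain}.
decode_plain(Param) when is_binary(Param) ->
    try base64:decode(Param) of
        Decoded -> split_plain(Decoded)
    catch
        %% base64:decode/1 raises on input that is not valid base64. The
        %% reason term differs between OTP releases, so match any error.
        error:_ -> {error, invalid_base64}
    end.

%% RFC 4616 message layout: [authzid] NUL authcid NUL passwd
split_plain(Decoded) ->
    case binary:split(Decoded, <<0>>, [global]) of
        [Authzid, Authcid, Password] when Authcid =/= <<>> ->
            {ok, {Authzid, Authcid, Password}};
        _ ->
            {error, malformed_plain}
    end.

%% Constructed sample inputs, including the "z" parameter from the report.
demo() ->
    Good = base64:encode(<<0, "alice", 0, "s3cret">>),
    {ok, {<<>>, <<"alice">>, <<"s3cret">>}} = decode_plain(Good),
    {error, invalid_base64} = decode_plain(<<"z">>),
    {error, malformed_plain} = decode_plain(base64:encode(<<"no-nul-bytes">>)),
    ok.
```

Calling auth_plain_example:demo() in an Erlang shell returns ok when all three cases behave as the pattern matches expect.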