net/dsniff/patches/001-decode_pop.patch

   1 diff --git a/decode_pop.c b/decode_pop.c
   2 index 04044f5..767da41 100644
   3 --- a/decode_pop.c
   4 +++ b/decode_pop.c
   5 @@ -6,6 +6,8 @@
   6   * Copyright (c) 2000 Dug Song <dugsong@monkey.org>
   7   *
   8   * $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
   9 + *
  10 + * Rewritten by Stefan Tomanek 2011 <stefan@pico.ruhr.de>
  11   */
  12
  13  #include "config.h"
  14 @@ -45,32 +47,88 @@ int
  15  decode_pop(u_char *buf, int len, u_char *obuf, int olen)
  16  {
  17         char *p;
  18 +       char *s;
  19 +       int n;
  20         int i, j;
  21 +       char *user;
  22 +       char *password;
  23 +       enum {
  24 +               NONE,
  25 +               AUTHPLAIN,
  26 +               AUTHLOGIN,
  27 +               USERPASS
  28 +       } mode = NONE;
  29 +
  30
  31         obuf[0] = '\0';
  32
  33         for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
  34 -               if (strncasecmp(p, "AUTH PLAIN", 10) == 0 ||
  35 -                   strncasecmp(p, "AUTH LOGIN", 10) == 0) {
  36 -                       strlcat(obuf, p, olen);
  37 -                       strlcat(obuf, "\n", olen);
  38 -
  39 -                       /* Decode SASL auth. */
  40 -                       for (i = 0; i < 2 && (p = strtok(NULL, "\r\n")); i++) {
  41 -                               strlcat(obuf, p, olen);
  42 -                               j = base64_pton(p, p, strlen(p));
  43 -                               p[j] = '\0';
  44 -                               strlcat(obuf, " [", olen);
  45 -                               strlcat(obuf, p, olen);
  46 -                               strlcat(obuf, "]\n", olen);
  47 +               if (mode == NONE) {
  48 +                       user = NULL;
  49 +                       password = NULL;
  50 +                       if (strncasecmp(p, "AUTH PLAIN", 10) == 0) {
  51 +                               mode = AUTHPLAIN;
  52 +                               continue;
  53 +                       }
  54 +                       if (strncasecmp(p, "AUTH LOGIN", 10) == 0) {
  55 +                               mode = AUTHLOGIN;
  56 +                               continue;
  57 +                       }
  58 +                       if (strncasecmp(p, "USER ", 5) == 0) {
  59 +                               mode = USERPASS;
  60 +                               /* the traditional login cuts right to the case,
  61 +                                * so no continue here
  62 +                                */
  63                         }
  64                 }
  65 -               /* Save regular POP2, POP3 auth info. */
  66 -               else if (strncasecmp(p, "USER ", 5) == 0 ||
  67 -                        strncasecmp(p, "PASS ", 5) == 0 ||
  68 -                        strncasecmp(p, "HELO ", 5) == 0) {
  69 -                       strlcat(obuf, p, olen);
  70 -                       strlcat(obuf, "\n", olen);
  71 +               printf("(%d) %s\n", mode, p);
  72 +               if (mode == USERPASS) {
  73 +                       if (strncasecmp(p, "USER ", 5) == 0) {
  74 +                               user = &p[5];
  75 +                       } else if (strncasecmp(p, "PASS ", 5) == 0) {
  76 +                               password = &p[5];
  77 +                       }
  78 +               }
  79 +
  80 +               if (mode == AUTHPLAIN) {
  81 +                       j = base64_pton(p, p, strlen(p));
  82 +                       p[j] = '\0';
  83 +                       n = 0;
  84 +                       s = p;
  85 +                       /* p consists of three parts, divided by \0 */
  86 +                       while (s <= &p[j] && n<=3) {
  87 +                               if (n == 0) {
  88 +                                       /* we do not process this portion yet */
  89 +                               } else if (n == 1) {
  90 +                                       user = s;
  91 +                               } else if (n == 2) {
  92 +                                       password = s;
  93 +                               }
  94 +                               n++;
  95 +                               while (*s) s++;
  96 +                               s++;
  97 +                       }
  98 +               }
  99 +
 100 +               if (mode == AUTHLOGIN) {
 101 +                       j = base64_pton(p, p, strlen(p));
 102 +                       p[j] = '\0';
 103 +                       if (! user) {
 104 +                               user = p;
 105 +                       } else {
 106 +                               password = p;
 107 +                               /* got everything we need :-) */
 108 +                       }
 109 +               }
 110 +
 111 +               if (user && password) {
 112 +                       strlcat(obuf, "\nusername [", olen);
 113 +                       strlcat(obuf, user, olen);
 114 +                       strlcat(obuf, "] password [", olen);
 115 +                       strlcat(obuf, password, olen);
 116 +                       strlcat(obuf, "]\n", olen);
 117 +
 118 +                       mode = NONE;
 119                 }
 120         }
 121         return (strlen(obuf));
 122