[package] dsniff: fix decoding of POP data

Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de> git-svn-id: svn://svn.openwrt.org/openwrt/packages@31187 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-04-04 14:13:47 +00:00 · 2012-04-04 14:13:47 +00:00 · 5a65f01d90
commit 5a65f01d90
parent 7b9859cfc8
1 changed files with 122 additions and 0 deletions
--- a/net/dsniff/patches/001-decode_pop.patch
+++ b/net/dsniff/patches/001-decode_pop.patch
@ -0,0 +1,122 @@
 diff --git a/decode_pop.c b/decode_pop.c
 index 04044f5..767da41 100644
 --- a/decode_pop.c
 +++ b/decode_pop.c
@@ -6,6 +6,8 @@
  * Copyright (c) 2000 Dug Song <dugsong@monkey.org>
  *
  * $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
 + *
 + * Rewritten by Stefan Tomanek 2011 <stefan@pico.ruhr.de>
  */
 #include "config.h"
@@ -45,32 +47,88 @@ int
 decode_pop(u_char *buf, int len, u_char *obuf, int olen)
 {
 	char *p;
 +	char *s;
 +	int n;
 	int i, j;
 +	char *user;
 +	char *password;
 +	enum {
 +		NONE,
 +		AUTHPLAIN,
 +		AUTHLOGIN,
 +		USERPASS
 +	} mode = NONE;
 +
 	obuf[0] = '\0';
 	for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
 -		if (strncasecmp(p, "AUTH PLAIN", 10) == 0 ||
 -		    strncasecmp(p, "AUTH LOGIN", 10) == 0) {
 -			strlcat(obuf, p, olen);
 -			strlcat(obuf, "\n", olen);
 -			
 -			/* Decode SASL auth. */
 -			for (i = 0; i < 2 && (p = strtok(NULL, "\r\n")); i++) {
 -				strlcat(obuf, p, olen);
 -				j = base64_pton(p, p, strlen(p));
 -				p[j] = '\0';
 -				strlcat(obuf, " [", olen);
 -				strlcat(obuf, p, olen);
 -				strlcat(obuf, "]\n", olen);
 +		if (mode == NONE) {
 +			user = NULL;
 +			password = NULL;
 +			if (strncasecmp(p, "AUTH PLAIN", 10) == 0) {
 +				mode = AUTHPLAIN;
 +				continue;
 +			}
 +			if (strncasecmp(p, "AUTH LOGIN", 10) == 0) {
 +				mode = AUTHLOGIN;
 +				continue;
 +			}
 +			if (strncasecmp(p, "USER ", 5) == 0) {
 +				mode = USERPASS;
 +				/* the traditional login cuts right to the case,
 +				 * so no continue here
 +				 */
 			}
 		}
 -		/* Save regular POP2, POP3 auth info. */
 -		else if (strncasecmp(p, "USER ", 5) == 0 ||
 -			 strncasecmp(p, "PASS ", 5) == 0 ||
 -			 strncasecmp(p, "HELO ", 5) == 0) {
 -			strlcat(obuf, p, olen);
 -			strlcat(obuf, "\n", olen);
 +		printf("(%d) %s\n", mode, p);
 +		if (mode == USERPASS) {
 +			if (strncasecmp(p, "USER ", 5) == 0) {
 +				user = &p[5];
 +			} else if (strncasecmp(p, "PASS ", 5) == 0) {
 +				password = &p[5];
 +			}
 +		}
 +
 +		if (mode == AUTHPLAIN) {
 +			j = base64_pton(p, p, strlen(p));
 +			p[j] = '\0';
 +			n = 0;
 +			s = p;
 +			/* p consists of three parts, divided by \0 */
 +			while (s <= &p[j] && n<=3) {
 +				if (n == 0) {
 +					/* we do not process this portion yet */
 +				} else if (n == 1) {
 +					user = s;
 +				} else if (n == 2) {
 +					password = s;
 +				}
 +				n++;
 +				while (*s) s++;
 +				s++;
 +			}
 +		}
 +
 +		if (mode == AUTHLOGIN) {
 +			j = base64_pton(p, p, strlen(p));
 +			p[j] = '\0';
 +			if (! user) {
 +				user = p;
 +			} else {
 +				password = p;
 +				/* got everything we need :-) */
 +			}
 +		}
 +
 +		if (user && password) {
 +			strlcat(obuf, "\nusername [", olen);
 +			strlcat(obuf, user, olen);
 +			strlcat(obuf, "] password [", olen);
 +			strlcat(obuf, password, olen);
 +			strlcat(obuf, "]\n", olen);
 +
 +			mode = NONE;
 		}
 	}
 	return (strlen(obuf));