[package] dsniff: fix decoding of POP data
authorFlorian Fainelli <florian@openwrt.org>
Wed, 4 Apr 2012 14:13:47 +0000 (14:13 +0000)
committerFlorian Fainelli <florian@openwrt.org>
Wed, 4 Apr 2012 14:13:47 +0000 (14:13 +0000)
Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>
SVN-Revision: 31187

net/dsniff/patches/001-decode_pop.patch [new file with mode: 0644]

diff --git a/net/dsniff/patches/001-decode_pop.patch b/net/dsniff/patches/001-decode_pop.patch
new file mode 100644 (file)
index 0000000..24e1a47
--- /dev/null
@@ -0,0 +1,122 @@
+diff --git a/decode_pop.c b/decode_pop.c
+index 04044f5..767da41 100644
+--- a/decode_pop.c
++++ b/decode_pop.c
+@@ -6,6 +6,8 @@
+  * Copyright (c) 2000 Dug Song <dugsong@monkey.org>
+  *
+  * $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
++ *
++ * Rewritten by Stefan Tomanek 2011 <stefan@pico.ruhr.de>
+  */
+ #include "config.h"
+@@ -45,32 +47,88 @@ int
+ decode_pop(u_char *buf, int len, u_char *obuf, int olen)
+ {
+       char *p;
++      char *s;
++      int n;
+       int i, j;
++      char *user;
++      char *password;
++      enum {
++              NONE,
++              AUTHPLAIN,
++              AUTHLOGIN,
++              USERPASS
++      } mode = NONE;
++
+       
+       obuf[0] = '\0';
+       
+       for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
+-              if (strncasecmp(p, "AUTH PLAIN", 10) == 0 ||
+-                  strncasecmp(p, "AUTH LOGIN", 10) == 0) {
+-                      strlcat(obuf, p, olen);
+-                      strlcat(obuf, "\n", olen);
+-                      
+-                      /* Decode SASL auth. */
+-                      for (i = 0; i < 2 && (p = strtok(NULL, "\r\n")); i++) {
+-                              strlcat(obuf, p, olen);
+-                              j = base64_pton(p, p, strlen(p));
+-                              p[j] = '\0';
+-                              strlcat(obuf, " [", olen);
+-                              strlcat(obuf, p, olen);
+-                              strlcat(obuf, "]\n", olen);
++              if (mode == NONE) {
++                      user = NULL;
++                      password = NULL;
++                      if (strncasecmp(p, "AUTH PLAIN", 10) == 0) {
++                              mode = AUTHPLAIN;
++                              continue;
++                      }
++                      if (strncasecmp(p, "AUTH LOGIN", 10) == 0) {
++                              mode = AUTHLOGIN;
++                              continue;
++                      }
++                      if (strncasecmp(p, "USER ", 5) == 0) {
++                              mode = USERPASS;
++                              /* the traditional login cuts right to the case,
++                               * so no continue here
++                               */
+                       }
+               }
+-              /* Save regular POP2, POP3 auth info. */
+-              else if (strncasecmp(p, "USER ", 5) == 0 ||
+-                       strncasecmp(p, "PASS ", 5) == 0 ||
+-                       strncasecmp(p, "HELO ", 5) == 0) {
+-                      strlcat(obuf, p, olen);
+-                      strlcat(obuf, "\n", olen);
++              printf("(%d) %s\n", mode, p);
++              if (mode == USERPASS) {
++                      if (strncasecmp(p, "USER ", 5) == 0) {
++                              user = &p[5];
++                      } else if (strncasecmp(p, "PASS ", 5) == 0) {
++                              password = &p[5];
++                      }
++              }
++
++              if (mode == AUTHPLAIN) {
++                      j = base64_pton(p, p, strlen(p));
++                      p[j] = '\0';
++                      n = 0;
++                      s = p;
++                      /* p consists of three parts, divided by \0 */
++                      while (s <= &p[j] && n<=3) {
++                              if (n == 0) {
++                                      /* we do not process this portion yet */
++                              } else if (n == 1) {
++                                      user = s;
++                              } else if (n == 2) {
++                                      password = s;
++                              }
++                              n++;
++                              while (*s) s++;
++                              s++;
++                      }
++              }
++
++              if (mode == AUTHLOGIN) {
++                      j = base64_pton(p, p, strlen(p));
++                      p[j] = '\0';
++                      if (! user) {
++                              user = p;
++                      } else {
++                              password = p;
++                              /* got everything we need :-) */
++                      }
++              }
++
++              if (user && password) {
++                      strlcat(obuf, "\nusername [", olen);
++                      strlcat(obuf, user, olen);
++                      strlcat(obuf, "] password [", olen);
++                      strlcat(obuf, password, olen);
++                      strlcat(obuf, "]\n", olen);
++
++                      mode = NONE;
+               }
+       }
+       return (strlen(obuf));
+