Opened 15 years ago
Closed 14 years ago
#30 closed defect (fixed)
nnrpd doesn't support passwords with spaces
Reported by: | eagle | Owned by: | eagle |
---|---|---|---|
Priority: | low | Milestone: | 2.5.2 |
Component: | nnrpd | Version: | |
Severity: | minor | Keywords: | compliance |
Cc: |
Description
The NNTP protocol uses whitespace as a command and argument separator, which means that passwords containing whitespace don't work. The generic NNTP parser in nnrpd throws away the tail end of the password or produces a syntax error.
However, since the password is the last argument, we can hack around this problem. Here's a patch from Jeffrey M. Vinocur from 2001 that implements that fix, which may require some updating.
Attachments (2)
Change History (6)
Changed 15 years ago by
comment:1 Changed 15 years ago by
Keywords: | compliance added |
---|
comment:2 Changed 15 years ago by
(In [8269]) RFC 4643 states that usernames and passwords can contain spaces.
More generally, they are bytes strings (without NUL, CR and LF).
Now that AUTHINFO SASL is implemented, nnrpd supports that.
This patch fixes the decoding of the news.notice file: innreport
couldn't see usernames with spaces.
Also see #30 (for AUTHINFO USER/PASS where both usernames
and passwords could contain spaces).
comment:3 Changed 14 years ago by
Milestone: | → 2.5.2 |
---|
comment:4 Changed 14 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
(In [8674]) Add support for whitespaces in usernames/passwords provided
with AUTHINFO USER/PASS. nnrpd was previously considering
as invalid passwords like "a b" (two arguments "a" and "b"
when only one was expected) or parsing " ab" as "ab"
(stripping the leading space).
nnrpd now treats everything after the first whitespace
character following AUTHINFO USER/PASS, up to, but not
including, the CRLF, as the username/password.
Thanks to Jeffrey M. Vinocur for the initial patch.
close #30
Replacement misc.c with new Argify()