Opened 11 years ago

Closed 10 years ago

#30 closed defect (fixed)

nnrpd doesn't support passwords with spaces

Reported by: eagle Owned by: eagle
Priority: low Milestone: 2.5.2
Component: nnrpd Version:
Severity: minor Keywords: compliance
Cc:

Description

The NNTP protocol uses whitespace as a command and argument separator, which means that passwords containing whitespace don't work. The generic NNTP parser in nnrpd throws away the tail end of the password or produces a syntax error.

However, since the password is the last argument, we can hack around this problem. Here's a patch from Jeffrey M. Vinocur from 2001 that implements that fix, which may require some updating.

Attachments (2)

misc.c (18.1 KB) - added by eagle 11 years ago.
Replacement misc.c with new Argify()
nnrpd-argify (4.7 KB) - added by eagle 11 years ago.
Patch to make nnrpd use new Argify()

Download all attachments as: .zip

Change History (6)

Changed 11 years ago by eagle

Attachment: misc.c added

Replacement misc.c with new Argify()

Changed 11 years ago by eagle

Attachment: nnrpd-argify added

Patch to make nnrpd use new Argify()

comment:1 Changed 11 years ago by Julien ÉLIE

Keywords: compliance added

comment:2 Changed 11 years ago by Julien ÉLIE

(In [8269]) RFC 4643 states that usernames and passwords can contain spaces.
More generally, they are bytes strings (without NUL, CR and LF).

Now that AUTHINFO SASL is implemented, nnrpd supports that.
This patch fixes the decoding of the news.notice file: innreport
couldn't see usernames with spaces.

Also see #30 (for AUTHINFO USER/PASS where both usernames
and passwords could contain spaces).

comment:3 Changed 10 years ago by Julien ÉLIE

Milestone: 2.5.2

comment:4 Changed 10 years ago by Julien ÉLIE

Resolution: fixed
Status: newclosed

(In [8674]) Add support for whitespaces in usernames/passwords provided
with AUTHINFO USER/PASS. nnrpd was previously considering
as invalid passwords like "a b" (two arguments "a" and "b"
when only one was expected) or parsing " ab" as "ab"
(stripping the leading space).

nnrpd now treats everything after the first whitespace
character following AUTHINFO USER/PASS, up to, but not
including, the CRLF, as the username/password.

Thanks to Jeffrey M. Vinocur for the initial patch.

close #30

Note: See TracTickets for help on using tickets.