From 409d304e0aafd747997f01105c07ced36917a514 Mon Sep 17 00:00:00 2001 From: "Rob Swindell (on Debian Linux)" <rob@synchro.net> Date: Sat, 16 Sep 2023 12:04:56 -0700 Subject: [PATCH] Fix error when client supplies invalid Base64 string during auth IIRC, the error was undefined has no properties or split() is not a function, something like that. --- exec/imapservice.js | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/exec/imapservice.js b/exec/imapservice.js index 6e4c2a578e..a760bc2d4a 100644 --- a/exec/imapservice.js +++ b/exec/imapservice.js @@ -891,7 +891,12 @@ var unauthenticated_command_handlers = { } client.socket.send("+\r\n"); line=client.socket.recvline(10240, 1800); - args=base64_decode(line).split(/\x00/); + line=base64_decode(line); + if(!line) { + tagged("NO", "Wrong format"); + return; + } + args=line.split(/\x00/); if(args === null || (!login(args[1],args[2]))) { tagged(tag, "NO", "No AUTH for you."); return; @@ -904,7 +909,12 @@ var unauthenticated_command_handlers = { challenge = '<'+random(2147483647)+"."+time()+"@"+system.host_name+'>'; client.socket.send("+ "+base64_encode(challenge)+"\r\n"); line=client.socket.recvline(10240, 1800); - args=base64_decode(line).split(/ /); + line=base64_decode(line); + if(!line) { + tagged("NO", "Wrong format"); + return; + } + args=line.split(/ /); un = system.matchuser(args[0], false); if (un == 0) { tagged(tag, "NO", "No AUTH for you."); -- GitLab