Mail: reset stale auth credentials with "smtp_auth none;".

They might be reused in a session if an SMTP client proceeded
unauthenticated after previous invalid authentication attempts.
This could confuse an authentication server when passing stale
credentials along with "Auth-Method: none".

The condition to send the "Auth-Salt" header is similarly refined.
Sergey Kandaurov 2025-07-07 23:48:44 +04:00 committed by pluknet
parent 765642b86e
commit 9c02c84a74
2 changed files with 7 additions and 1 deletions


@ -1321,7 +1321,10 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
b->last = ngx_copy(b->last, passwd.data, passwd.len);
*b->last++ = CR; *b->last++ = LF;
if (s->auth_method != NGX_MAIL_AUTH_PLAIN && s->salt.len) {
if ((s->auth_method == NGX_MAIL_AUTH_APOP
|| s->auth_method == NGX_MAIL_AUTH_CRAM_MD5)
&& s->salt.len)
{
b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1);
b->last = ngx_copy(b->last, s->salt.data, s->salt.len);
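Review bot: The rewritten Auth-Salt condition has no comment saying why it is now an allow-list, so a later change that adds an auth method could widen it again without noticing the stale-salt case. I would add a short comment above the `if`, for example `/* only APOP and CRAM-MD5 use the salt; s->salt may survive an earlier failed attempt */`. The `passwd` copy at the top of this hunk is still unconditional, so it presumably depends on the protocol handlers clearing stale values before this function runs; that dependency deserves a mention in the same comment. The function begins and continues outside the hunk.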


@ -782,6 +782,9 @@ ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c)
ngx_str_set(&s->out, smtp_ok);
ngx_str_null(&s->login);
ngx_str_null(&s->passwd);
return NGX_OK;
}
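Review bot: `ngx_str_null(&s->passwd)` only drops the reference, so the bytes of the previously supplied password remain in session memory until the pool is released. If that buffer is session-owned and writable (not visible in this hunk), wiping it first would shorten the exposure window: `if (s->passwd.len) { ngx_explicit_memzero(s->passwd.data, s->passwd.len); }` ahead of the `ngx_str_null` call. A one-line comment such as `/* drop credentials left by a failed AUTH before proceeding unauthenticated */` would also explain why the reset sits in the MAIL handler. The start of ngx_mail_smtp_mail is outside the hunk.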