changeset 9447:bfd402b0b41c

Mail: reset stale auth credentials with "smtp_auth none;". They might be reused in a session if an SMTP client proceeded unauthenticated after previous invalid authentication attempts. This could confuse an authentication server when passing stale credentials along with "Auth-Method: none". The condition to send the "Auth-Salt" header is similarly refined.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 07 Jul 2025 23:48:44 +0400
parents fc7c24cf42fa
children 40e557c89e20
files src/mail/ngx_mail_auth_http_module.c src/mail/ngx_mail_smtp_handler.c
diffstat 2 files changed, 7 insertions(+), 1 deletions(-) [+]
--- a/src/mail/ngx_mail_auth_http_module.c	Tue Aug 12 15:55:02 2025 +0400
+++ b/src/mail/ngx_mail_auth_http_module.c	Mon Jul 07 23:48:44 2025 +0400
@@ -1321,7 +1321,10 @@
     b->last = ngx_copy(b->last, passwd.data, passwd.len);
     *b->last++ = CR; *b->last++ = LF;
 
-    if (s->auth_method != NGX_MAIL_AUTH_PLAIN && s->salt.len) {
+    if ((s->auth_method == NGX_MAIL_AUTH_APOP
+         || s->auth_method == NGX_MAIL_AUTH_CRAM_MD5)
+        && s->salt.len)
+    {
         b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1);
         b->last = ngx_copy(b->last, s->salt.data, s->salt.len);
 
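Review bot: The refined condition at `if ((s->auth_method == NGX_MAIL_AUTH_APOP` narrows the Auth-Salt header to the two challenge-response methods without saying why, and the reason (a salt left over from an earlier APOP/CRAM-MD5 exchange must not accompany `Auth-Method: none` or another method's credentials) is not obvious from the code alone; a one-line comment such as `/* salt is only meaningful for challenge-response methods; never send a stale one with other auth methods */` above the `if` would keep that intent with the code. The other hunk in this changeset resets `s->login` and `s->passwd` but not `s->salt`, so this condition appears to be the only thing keeping a leftover salt out of the request; if that is the intended design, the comment should say so, otherwise consider clearing `s->salt` at the same point. The enclosing function begins and ends outside this hunk.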
--- a/src/mail/ngx_mail_smtp_handler.c	Tue Aug 12 15:55:02 2025 +0400
+++ b/src/mail/ngx_mail_smtp_handler.c	Mon Jul 07 23:48:44 2025 +0400
@@ -782,6 +782,9 @@
 
     ngx_str_set(&s->out, smtp_ok);
 
+    ngx_str_null(&s->login);
+    ngx_str_null(&s->passwd);
+
     return NGX_OK;
 }
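Review bot: The two `ngx_str_null` calls discard credentials left from earlier failed AUTH attempts, but nothing at this point says so; a comment such as `/* drop credentials from previous failed AUTH attempts so they are not passed along with "Auth-Method: none" */` above them would preserve the reasoning from the commit message. `ngx_str_null` only clears the length and pointer, so the old password bytes presumably remain in pool memory until the session ends, which looks consistent with how credentials are handled elsewhere — worth knowing it is a reset, not a zeroization. Whether `s->salt` should be reset here as well depends on code outside the hunk. The enclosing function starts outside this hunk.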