Mail: xtext encoding (RFC 3461) in XCLIENT LOGIN. #893
Conversation
The XCLIENT command uses xtext encoding for attribute values, as specified in https://www.postfix.org/XCLIENT_README.html. Reported by Igor Morgenstern of Aisle Research.
bcd8afa to
9aabb5d
Compare
|
Added credits. |
avahahn
left a comment
There was a problem hiding this comment.
I see that the escaping is detected with this table:
static uint32_t mail_xtext[] = {
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
0x20000801, /* 0010 0000 0000 0000 0000 1000 0000 0001 */
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
/* ~}| {zyx wvut srqp onml kjih gfed cba` */
0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
};and this conditional:
if (escape[*src >> 5] & (1U << (*src & 0x1f))) {I can see how this works but I find it is very much not straightforward. The RFC is very clear that this is doing the correct escaping, but I wonder why not skip all this and just write a conditional like this:
if (*src < 33 || *src > 126 || *src == '=' || *src == '+') {What is the benefit to making it so much less clear?
This goes in line with d4ff561, which added NGX_ESCAPE_MAIL_AUTH for same login/password pair. Actually, using bitmasks is cleaner (and generally more efficient) than explicitly written out character sets with |
The XCLIENT command uses xtext encoding for attribute values, as specified in https://www.postfix.org/XCLIENT_README.html.