Bug #9273 :: _recvLn() hangs during CRAM-MD5 auth sequence

Package home | Report new bug | New search | Development Roadmap

Status: Open | Feedback | All | Closed Since Version 1.4.7

Bug #9273	_recvLn() hangs during CRAM-MD5 auth sequence
Submitted:	2006-11-08 14:49 UTC
From:	oliver at realtsp dot com	Assigned:	amistry
Status:	Closed	Package:	Net_Sieve (version 1.1.5)
PHP Version:	5.1.2	OS:	FreeBSD 5.5
Roadmaps:	(Not assigned)
Subscription	Your email:

Comments Add Comment Add patch

[2006-11-08 14:49 UTC] oliver at realtsp dot com (Oliver Schonrock)

Description:
------------
"IMPLEMENTATION" "Cyrus timsieved v2.2.13"
"SASL" "LOGIN PLAIN CRAM-MD5"

All without TLS or SSL

PLAIN auth works just fine.

CRAM-MD5 hangs until it times out and then succeeds 
causing a long delay during sieve login.

We traced the hang to Line 947 in Sieve.php
$this->_recvLn();

commenting this line out cures the problem.

when we simulate the conversion using telnet, we notice 
that after a 
AUTHENTICATE "CRAM-MD5"

timsieved responds with:
{56}
PDE4NDMyMjA0NDAuNTM2NzQ1MkB0YWthcHVuYS5yZWFsdHNwLmNvbT4=

which is exactly 58 characters (incl newlines)

but then the _recvLn() call expects to read an additional 
line. We do not see what input it is looking for in the 
telnet session, the comment on Line 946 seems to indicate 
that it is waiting for an OK:
   // receive the pending OK

however there does not appear to be an OK due at this 
stage of the Auth process.

Just commenting recvLn() is probably not the correct final 
solution. I guess it was there for something?

Maybe only look for the "OK" in some cases? optional 
parameter to doCmd()? this patch works for me:


--- /usr/local/share/pear/Net/Sieve.php Wed Nov  8 
14:45:53 2006
+++ /usr/local/share/pear/Net/Sieve.php.orig    Wed Nov  8 
14:44:45 2006
@@ -504,7 +504,7 @@
      */
     function _authCRAM_MD5($uid, $pwd, $euser)
     {
-        if ( PEAR::isError( $challenge = 
$this->_doCmd( 'AUTHENTICATE "CRAM-MD5"', false ) ) ) {
+        if ( PEAR::isError( $challenge = 
$this->_doCmd( 'AUTHENTICATE "CRAM-MD5"' ) ) ) {
             $this->_error=challenge ;
             return challenge ;
         }
@@ -872,7 +872,7 @@
     * @param string $cmd The command to send
     * @return mixed Reponse string if an OK response, 
PEAR_Error if a NO response
     */
-    function _doCmd($cmd = '', $expect_ok = true )
+    function _doCmd($cmd = '' )
     {
         $referralCount=0;
         while($referralCount < $this->_maxReferralCount )
{
@@ -944,7 +944,7 @@
                             echo "S:$line\n";
                         }
                         // receive the pending OK
-                        if ($expect_ok) $this->_recvLn();
+                        $this->_recvLn();
                         return $line;
                     }
                     $response .= $line . "\r\n";






Test script:
---------------
Problem occurs when using latest horde/INGO (1.1.3) with the above timsieved.

Expected result:
----------------
immediate login (IMP logs in immediately)

Actual result:
--------------
very delayed login due to __recvLn() waiting for input 
that never arrives.

Comments

[2006-11-08 14:54 UTC] oliver at realtsp dot com

we tested and the same happens with DIGEST-MD5, the same 
patch fixes that also.

[2006-11-08 15:00 UTC] oliver at realtsp dot com

better patch which comforms to coding standards and 
includes the additional "false" parameter for DIGEST-MD5 
as well.

--- /usr/local/share/pear/Net/Sieve.php Wed Nov  8 
14:56:58 2006
+++ /usr/local/share/pear/Net/Sieve.php.orig    Wed Nov  8 
14:44:45 2006
@@ -504,7 +504,7 @@
      */
     function _authCRAM_MD5($uid, $pwd, $euser)
     {
-        if ( PEAR::isError( $challenge = 
$this->_doCmd( 'AUTHENTICATE "CRAM-MD5"', false ) ) ) {
+        if ( PEAR::isError( $challenge = 
$this->_doCmd( 'AUTHENTICATE "CRAM-MD5"' ) ) ) {
             $this->_error=challenge ;
             return challenge ;
         }
@@ -537,7 +537,7 @@
      */
     function _authDigest_MD5($uid, $pwd, $euser)
     {
-        if ( PEAR::isError( $challenge = 
$this->_doCmd('AUTHENTICATE "DIGEST-MD5"', false) ) ) {
+        if ( PEAR::isError( $challenge = 
$this->_doCmd('AUTHENTICATE "DIGEST-MD5"') ) ) {
             $this->_error=challenge ;
             return challenge ;
         }
@@ -872,7 +872,7 @@
     * @param string $cmd The command to send
     * @return mixed Reponse string if an OK response, 
PEAR_Error if a NO response
     */
-    function _doCmd($cmd = '', $expectOk = true )
+    function _doCmd($cmd = '' )
     {
         $referralCount=0;
         while($referralCount < $this->_maxReferralCount )
{
@@ -943,10 +943,8 @@
                         if($this->_debug){
                             echo "S:$line\n";
                         }
-                        // receive the pending OK if 
expecting one
-                        if ($expectOk) {
-                            $this->_recvLn();
-                        }
+                        // receive the pending OK
+                        $this->_recvLn();
                         return $line;
                     }
                     $response .= $line . "\r\n";

[2006-12-22 00:03 UTC] amistry at php dot net (Anish Mistry)

Would you email me the diff?

Thanks.

[2006-12-22 20:42 UTC] amistry at php dot net (Anish Mistry)

I've applied a different fix to the CVS for this problem.  Please confirm it works for you.  I've just tested it with DIGEST authentication on one of my Sieve servers and it works fine.

[2006-12-22 21:12 UTC] oliver at realtsp dot com

perfect...works nicely for me and is clearly better than 
my patch.

thanks

[2006-12-22 22:42 UTC] amistry at php dot net (Anish Mistry)

This bug has been fixed in CVS.

If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET).

If this was a problem with the pear.php.net website, the change should be live shortly.

Otherwise, the fix will appear in the package's next release.

Thank you for the report and for helping us make PEAR better.