Auths: in plaintext authenticator, fix parsing of consecutive circuflex. Bug 2687

(cherry picked from commit ca22cc0abe93c28f3d296d99c239413bb0d079c4)

3 files changed, 23 insertions, 3 deletions

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index d7a7f8516..112234bd9 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -27643,7 +27643,14 @@ fixed_plain:
   client_send = ^username^mysecret
 .endd
 The lack of colons means that the entire text is sent with the AUTH
-command, with the circumflex characters converted to NULs. A similar example
+command, with the circumflex characters converted to NULs.
+.new
+Note that due to the ambiguity of parsing three consectutive circumflex characters
+there is no way to provide a password having a leading circumflex.
+.wen
+
+
+A similar example
 that uses the LOGIN mechanism is:
 .code
 fixed_login:
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 888bd828b..d5a98071b 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -131,6 +131,13 @@ JH/33 Fix a taint trap in the ${listextract } expansion when the source data
 
 JH/35 Bug 2343: Harden exim_tidydb against corrupt wait- files.
 
+JH/36 Bug 2687: Fix interpretation of multiple ^ chars in a plaintext
+      authenticator client_send option.  Previously the next char, after a pair
+      was collapsed, was taken verbatim (so ^^^foo became ^^foo; ^^^^foo became
+      ^^\x00foo). Fixed to get ^\x00foo and ^^foo respectively to match the
+      documentation.  There is still no way to get a leading ^ immediately
+      after a NUL (ie. for the password of a PLAIN method authenticator.
+
 
 Exim version 4.94
 -----------------
diff --git a/src/src/auths/get_data.c b/src/src/auths/get_data.c
index 602a1181a..88359658a 100644
--- a/src/src/auths/get_data.c
+++ b/src/src/auths/get_data.c
@@ -168,14 +168,20 @@ if (!ss)
 len = Ustrlen(ss);
 
 /* The character ^ is used as an escape for a binary zero character, which is
-needed for the PLAIN mechanism. It must be doubled if really needed. */
+needed for the PLAIN mechanism. It must be doubled if really needed.
+
+The parsing ambiguity of ^^^ is taken as ^^ -> ^ ; ^ -> NUL - and there is
+no way to get a leading ^ after a NUL.  We would need to intro new syntax to
+support that (probably preferring to take a more-standard exim list as a source
+and concat the elements with intervening NULs.  Either a magic marker on the
+source string for client_send, or a new option). */
 
 for (int i = 0; i < len; i++)
   if (ss[i] == '^')
     if (ss[i+1] != '^')
       ss[i] = 0;
     else
-      if (--len > ++i) memmove(ss + i, ss + i + 1, len - i);
+      if (--len > i+1) memmove(ss + i + 1, ss + i + 2, len - i);
 
 /* The first string is attached to the AUTH command; others are sent
 unembellished. */