Merge remote-tracking branch 'remotes/aleshaczech/master'

pear · Sep 23, 2022 · da3c239 · da3c239
2 parents acbc66f + 2c895d5
commit da3c239
Showing 1 changed file with 23 additions and 2 deletions.
diff --git a/Net/SMTP.php b/Net/SMTP.php
@@ -1029,8 +1029,29 @@ protected function authGSSAPI($uid, $pwd, $authz = '')
     public function authXOAuth2($uid, $token, $authz, $conn)
     {
         $auth = base64_encode("user=$uid\1auth=$token\1\1");
-        if (PEAR::isError($error = $this->put('AUTH', 'XOAUTH2 ' . $auth))) {
-            return $error;
+
+        // Maximum length of the base64-encoded token to be sent in the initial response is 497 bytes, according to
+        // RFC 4954 (https://datatracker.ietf.org/doc/html/rfc4954); for longer tokens an empty initial
+        // response MUST be sent and the token must be sent separately
+        // (497 bytes = 512 bytes /SMTP command length limit/ - 13 bytes /"AUTH XOAUTH2 "/ - 2 bytes /CRLF/)
+        if (strlen($auth) <= 497) {
+            if (PEAR::isError($error = $this->put('AUTH', 'XOAUTH2 ' . $auth))) {
+                return $error;
+            }
+        } else {
+            if (PEAR::isError($error = $this->put('AUTH', 'XOAUTH2'))) {
+                return $error;
+            }
+
+            // server is expected to respond with 334
+            if (PEAR::isError($error = $this->parseResponse(334))) {
+                return $error;
+            }
+
+            // then follows the token
+            if (PEAR::isError($error = $this->put($auth))) {
+                return $error;
+            }
         }
 
         /* 235: Authentication successful or 334: Continue authentication */