On 13.10.2012 13:29, Howard Chu wrote:
Paweł Tomulik wrote:
Hi,

I found that there is a problem with ldap-based username canonicalization
(at least in cyrus-sasl-2.1.25).

[...]  In the current version
the canonicalization will go as follows:

original login:   12345...@example.tld
canonical val:    1...@example.com
result from sasl: 1...@example.com.tld

What is wrong here is that in the current version of cyrus-sasl the result
buffer contains garbage at the end (the extra '.tld' above). Someone forgot
to append the trailing '\0' to the end of the string.

I attach a patch which fixes the issue.

Seems to me the bug is elsewhere. The return value from this function explicitly provides the length of the result. The caller should be honoring the length, and not assuming the value is NUL-terminated.


You may be right, but note that '\0' is appended each time the 'buf' is modified in this function except this one place. I don't know how the caller is supposed to use the canon_user functionality. I found this bug when I tried to use canon_user and saslauthd (for authentication). The "garbage" was found in the saslauthd logs
(or /var/log/auth.log, I don't remember at this moment).

--
Pawel Tomulik
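
Added example, not part of the thread and not cyrus-sasl code: a minimal C reproduction of the behaviour discussed above, showing what a NUL-assuming caller sees versus a caller that honours the returned length, with and without the terminator. `canon_copy` and `seen_by_cstring_caller` are hypothetical names, and the two logins are constructed values with the same shape as those in the report.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a canon_user-style routine: writes the canonical
 * name into `out` (which may still hold the original login) and reports its
 * length through `out_len`. `terminate` selects the patched behaviour. */
static int canon_copy(const char *canon, char *out, size_t out_max,
                      size_t *out_len, int terminate)
{
    size_t n = strlen(canon);
    if (n + 1 > out_max)
        return -1;                 /* no room for value plus '\0' */
    memcpy(out, canon, n);         /* overwrites only the first n bytes */
    if (terminate)
        out[n] = '\0';             /* the step the thread says was missing */
    *out_len = n;
    return 0;
}

/* Runs the copy over a buffer pre-filled with the longer original login and
 * returns the length a NUL-assuming caller (strlen, "%s") would see. */
static size_t seen_by_cstring_caller(int terminate, char *buf, size_t buf_max,
                                     size_t *reported_len)
{
    /* Constructed sample values, same shape as the ones in the report. */
    const char *login = "12345678@example.tld";
    const char *canon = "1234@example.com";

    snprintf(buf, buf_max, "%s", login);
    if (canon_copy(canon, buf, buf_max, reported_len, terminate) != 0)
        return 0;
    return strlen(buf);
}

int main(void)
{
    char buf[64];
    size_t len;

    size_t seen = seen_by_cstring_caller(0, buf, sizeof buf, &len);
    printf("unterminated: \"%s\" (strlen %zu, reported %zu)\n", buf, seen, len);
    printf("length-aware: \"%.*s\"\n", (int)len, buf);

    seen = seen_by_cstring_caller(1, buf, sizeof buf, &len);
    printf("terminated:   \"%s\" (strlen %zu, reported %zu)\n", buf, seen, len);
    return 0;
}
```

Both positions in the thread hold here: the reported length is correct in either mode, yet any consumer that logs or compares the buffer as a C string picks up the stale suffix unless the terminator is written.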
