Re: Any info on CVE-2006-1721 ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Alexei,

1)Any reason for this validation:
(text->realm[0] != 0)) ?

2)What if, 
         (a) realm != NULL 
     and (b) strcmp(realm,text->realm) != 0
     and (c) text->realm[0] == 0 ,  are all true?
If a,b and c are true then it won't return
SASL_BADAUTH
and won't set error to "realm changed: authentication
aborted". But then, has not the realm actually changed
because of (b)? Should we not throw an error then?

Thanks
Biswatosh


--- Alexey Melnikov <alexey.melnikov@xxxxxxxxx> wrote:

> Biswatosh wrote:
> 
> >Thanks Alexei.
> >
> >Cud u or anybody else point out the CMU SASL page
> >where I can get info about what to set CVSROOT to
> and
> >etc?
> >Must I become a member of sasl-cvs? And,then what?
> >
> >Or,to cut it short, please just tell me the lines
> >changed in digestmd5.c for that bug.
> >  
> >
> The patch attached.
> 
> 
> > Index: digestmd5.c
>
===================================================================
> RCS file: /cvs/src/sasl/plugins/digestmd5.c,v
> retrieving revision 1.173
> retrieving revision 1.175
> diff -u -r1.173 -r1.175
> --- digestmd5.c	29 Jul 2004 19:21:57 -0000	1.173
> +++ digestmd5.c	27 Dec 2004 21:30:43 -0000	1.175
> @@ -2242,7 +2242,8 @@
>      }
>  
>      /* Sanity check the parameters */
> -    if (strcmp(realm, text->realm) != 0) {
> +    if (((realm != NULL) && (strcmp(realm,
> text->realm) != 0)) &&
> +	(text->realm[0] != 0)) {
>  	SETERROR(sparams->utils,
>  		 "realm changed: authentication aborted");
>  	result = SASL_BADAUTH;
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux