BUG: Garbage in output buffer when using canonuser_plugin: ldapdb, patch included

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I found that there is problem with ldap-based username canonicalization
(at least in cyrus-sasl-2.1.25).

This happens, when the input username is longer than canonical
user name returned from LDAP (note, there is an exception for
the cases, when the attribute defined as canonical name is used
as entry's RDN).

Consider, we have original login 12345678@xxxxxxxxxxx, for which
the canonical name (e.g. uid) returned from LDAP is 1234@xxxxxxxxxxx
(and uid is NOT used as entry's RDN). In the current version
the canonicalization will go as follows:

original login:   12345678@xxxxxxxxxxx
canonical val:    1234@xxxxxxxxxxx
result from sasl: 1234@xxxxxxxxxxxxxxx

What is wrong here is, that in current version of cyrus-sasl the result buffer
contains garbage at end (the extra '.tld' above). Someone forgot to append
trailing '\0' to the end of string.

I attach a patch which fixes the issue.

NOTE: this bug was reported to the maintainers of Debian's package libsasl2-modules-ldap,


but I see no activity since 10 days, so I decided to send it here.

With best regards!

Pawel Tomulik

--- cyrus-sasl-2.1.25.orig/plugins/ldapdb.c	2012-10-13 12:53:09.544716240 +0200
+++ cyrus-sasl-2.1.25.patched/plugins/ldapdb.c	2012-10-13 12:54:59.373188486 +0200
@@ -404,6 +404,7 @@
 	if ( len > out_max )
 	    len = out_max;
 	memcpy(out, bvals[0]->bv_val, len);
+  out[len] = '\0';
 	*out_ulen = len;

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux