I found that there is a problem with LDAP-based username canonicalization
(at least in cyrus-sasl-2.1.25).

This happens when the input username is longer than the canonical
user name returned from LDAP (note: there is an exception for
the cases when the attribute defined as the canonical name is used
as the entry's RDN).

Consider that we have the original login 12345678@xxxxxxxxxxx, for which
the canonical name (e.g. uid) returned from LDAP is 1234@xxxxxxxxxxx
(and uid is NOT used as the entry's RDN). In the current version
the canonicalization goes as follows:

original login:   12345678@xxxxxxxxxxx
canonical val:    1234@xxxxxxxxxxx
result from sasl: 1234@xxxxxxxxxxxxxxx

What is wrong here is that in the current version of cyrus-sasl the result buffer
contains garbage at the end (the extra '.tld' above). Someone forgot to append
the trailing '\0' to the end of the string.

I attach a patch which fixes the issue.

NOTE: this bug was reported to the maintainers of Debian's package libsasl2-modules-ldap,
but I have seen no activity for 10 days, so I decided to send it here.

With best regards!

Pawel Tomulik
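
The failure described in this message, reproduced as an added example (not code from cyrus-sasl and not the poster's patch): a shorter canonical name is copied without a terminator into a buffer that still holds the longer login, next to a copy that reserves a byte for '\0'. The function names, the example.tld addresses and the assumption that the output buffer previously held the input login are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Mirrors the clamp + memcpy in the patch context: no terminator written. */
static size_t copy_unterminated(char *out, size_t out_max, const char *val, size_t len)
{
    if (len > out_max)
        len = out_max;
    memcpy(out, val, len);
    return len;
}

/* Hardened copy: out_size is the full buffer size and one byte is kept
 * for the terminator, so the write of '\0' is always in bounds. */
static size_t copy_terminated(char *out, size_t out_size, const char *val, size_t len)
{
    if (out_size == 0)
        return 0;
    if (len > out_size - 1)
        len = out_size - 1;
    memcpy(out, val, len);
    out[len] = '\0';
    return len;
}

/* Runs one copy over a buffer that still holds the login (assumption)
 * and stores what a C-string reader of that buffer would see. */
static size_t demo(int terminate, char *seen, size_t seen_size)
{
    const char *login = "12345678@example.tld"; /* constructed sample */
    const char *canon = "1234@example.tld";     /* constructed sample */
    char out[64] = {0};
    size_t n;
    strcpy(out, login);
    n = terminate ? copy_terminated(out, sizeof out, canon, strlen(canon))
                  : copy_unterminated(out, sizeof out - 1, canon, strlen(canon));
    snprintf(seen, seen_size, "%s", out);
    return n;
}

int main(void)
{
    char seen[64];
    size_t n = demo(0, seen, sizeof seen);
    printf("unterminated: len=%zu string=\"%s\"\n", n, seen);
    n = demo(1, seen, sizeof seen);
    printf("terminated:   len=%zu string=\"%s\"\n", n, seen);
    return 0;
}
```

Both copies report a length of 16; only a consumer that reads the buffer as a C string sees the stale tail, which is why the returned length alone does not reveal the bug.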

--- cyrus-sasl-2.1.25.orig/plugins/ldapdb.c	2012-10-13 12:53:09.544716240 +0200
+++ cyrus-sasl-2.1.25.patched/plugins/ldapdb.c	2012-10-13 12:54:59.373188486 +0200
@@ -404,6 +404,7 @@
 	if ( len > out_max )
 	    len = out_max;
 	memcpy(out, bvals[0]->bv_val, len);
+  out[len] = '\0';
 	*out_ulen = len;
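
Review bot: out[len] = '\0' runs after len has been clamped to out_max, so when len == out_max the terminator is written at out[out_max]; that is in bounds only if the buffer holds at least out_max + 1 bytes, which these lines do not show. Either confirm that contract at the call site or clamp to out_max - 1 (guarding out_max == 0) before the memcpy so the terminator always fits. The added line is also indented with spaces while the surrounding lines use tabs.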

