Paweł Tomulik wrote:
Hi, I found that there is a problem with LDAP-based username canonicalization (at least in cyrus-sasl-2.1.25). This happens when the input username is longer than the canonical user name returned from LDAP (note, there is an exception for the cases when the attribute defined as canonical name is used as the entry's RDN).

Consider, we have original login 12345678@xxxxxxxxxxx, for which the canonical name (e.g. uid) returned from LDAP is 1234@xxxxxxxxxxx (and uid is NOT used as the entry's RDN). In the current version the canonicalization will go as follows:

original login: 12345678@xxxxxxxxxxx
canonical val: 1234@xxxxxxxxxxx
result from sasl: 1234@xxxxxxxxxxxxxxx

What is wrong here is that in the current version of cyrus-sasl the result buffer contains garbage at the end (the extra '.tld' above). Someone forgot to append the trailing '\0' to the end of the string. I attach a patch which fixes the issue.
Seems to me the bug is elsewhere. The return value from this function explicitly provides the length of the result. The caller should be honoring the length, and not assuming the value is NUL-terminated.
NOTE: this bug was reported to the maintainers of Debian's package libsasl2-modules-ldap, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689346 but I have seen no activity for 10 days, so I decided to send it here.

With best regards!
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
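The two positions in this thread, side by side, as an added example that is not part of the original messages and is not cyrus-sasl code: a shorter canonical name copied over a buffer that still holds the longer login, read once as a C string and once with the returned length. The function names and the `example.tld` addresses are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a canonicalization routine (not cyrus-sasl code):
 * writes `canon` into `out`, reports its length in *out_len, and appends a
 * NUL only when `terminate` is set (the fix proposed in the report). */
static int canon_copy(const char *canon, char *out, size_t out_max,
                      size_t *out_len, int terminate)
{
    size_t n = strlen(canon);
    if (n + 1 > out_max)            /* always leave room for a terminator */
        return -1;
    memcpy(out, canon, n);          /* copies n bytes and no NUL */
    if (terminate)
        out[n] = '\0';
    *out_len = n;
    return 0;
}

/* Reproduces the reported case: the buffer already holds the original login
 * when the shorter canonical value is written into it. Constructed data. */
static int run_case(int terminate, char *buf, size_t max, size_t *len)
{
    const char *login = "12345678@example.tld";
    if (strlen(login) + 1 > max)
        return -1;
    strcpy(buf, login);
    return canon_copy("1234@example.tld", buf, max, len, terminate);
}

/* Length-aware comparison, as the reply recommends: never reads past len. */
static int equals_len(const char *buf, size_t len, const char *expect)
{
    return len == strlen(expect) && memcmp(buf, expect, len) == 0;
}

int main(void)
{
    char buf[64];
    size_t len;
    run_case(0, buf, sizeof buf, &len);
    printf("as C string:     %s\n", buf);             /* stale tail visible */
    printf("honoring length: %.*s\n", (int)len, buf); /* stale tail ignored */
    printf("length-aware match: %d\n", equals_len(buf, len, "1234@example.tld"));
    run_case(1, buf, sizeof buf, &len);
    printf("NUL-terminated:  %s\n", buf);
    return 0;
}
```

Either change alone removes the symptom; applying both keeps a caller that forgets the length from reading stale bytes.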