Re: truncated mech names are accepted - a bug?


 



On 14/03/2014 14:42, Petr Lautrbach wrote:
> Hello,

Hi Petr,

> A server with this configuration:
> mech_list: A
>
> shows 'ANONYMOUS' in available mechanisms.
>
> It's due to the fact that _sasl_is_equal_mech() compares plug_mech only with the first strlen(req_mech) characters of plug_mech:
> lib/common.c:2431:    return (strncasecmp(req_mech, plug_mech, n) == 0);
>
> where n is (usually) an equivalent of strlen(req_mech)
>
> For ANONYMOUS, it means that any string from the following set of
>   {A, AN, ..., ANONYMOU, ANONYMOUS} will match ANONYMOUS.

Actually, the way the code is structured, all prefixes up to 4 characters will match and the rest will not. Which is probably worse from the consistency point of view.

> The fix could be to first compare the length of plug_mech with 'n'.
>
> This might also be a feature - to allow multiple plugin mechanisms using one mech_list string,
> but it doesn't feel right to me as I haven't found any documentation about that.

You're right, this looks like a bug. I will fix it.
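
As an added example (not part of the thread and not Cyrus SASL source), the following C program models the comparison quoted above under the assumption that n equals strlen(req_mech), next to a variant with the length check proposed in the thread. The helper names, the plugin list and the sample mech_list entries are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Model of the comparison quoted in the thread, assuming n = strlen(req_mech).
 * Hypothetical helper, not the Cyrus SASL function itself. */
static int prefix_equal_mech(const char *req_mech, const char *plug_mech)
{
    size_t n = strlen(req_mech);
    return strncasecmp(req_mech, plug_mech, n) == 0;
}

/* Same comparison with the fix proposed in the thread: compare the length
 * of plug_mech with n first, so only whole mechanism names match. */
static int strict_equal_mech(const char *req_mech, const char *plug_mech)
{
    size_t n = strlen(req_mech);
    if (strlen(plug_mech) != n)
        return 0;
    return strncasecmp(req_mech, plug_mech, n) == 0;
}

/* Constructed plugin list for the demonstration. */
static const char *const plugins[] = { "ANONYMOUS", "PLAIN", "DIGEST-MD5", "GSSAPI" };
#define NPLUGINS (sizeof(plugins) / sizeof(plugins[0]))

/* Count how many plugins a single mech_list entry would enable. */
static int count_enabled(const char *entry,
                         int (*equal)(const char *, const char *))
{
    int hits = 0;
    for (size_t i = 0; i < NPLUGINS; i++)
        if (equal(entry, plugins[i]))
            hits++;
    return hits;
}

int main(void)
{
    /* Constructed mech_list entries, including an empty one (n = 0). */
    const char *entries[] = { "A", "ANON", "anonymous", "PLAIN", "" };
    for (size_t i = 0; i < sizeof(entries) / sizeof(entries[0]); i++)
        printf("entry \"%s\": prefix compare enables %d, strict compare enables %d\n",
               entries[i], count_enabled(entries[i], prefix_equal_mech),
               count_enabled(entries[i], strict_equal_mech));
    return 0;
}
```

In this model an empty entry gives n = 0, so the prefix comparison matches every plugin, while the length check rejects it.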




