rpms / cyrus-sasl

Clone
Source Code
GIT

Blame SOURCES/cyrus-sasl-2.1.26-handle-single-character-mechanisms.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   98b3ea92cc2d9a260ba7c777d74d0351a64a7c7c
  2.   SOURCES
  3.   cyrus-sasl-2.1.26-handle-single-character-mechanisms.patch
Blob History Raw
98b3ea 
From 7739268e775e6ed91509727b014cc1d367ad386d Mon Sep 17 00:00:00 2001
98b3ea 
From: Alexey Melnikov <alexey.melnikov@isode.com>
98b3ea 
Date: Sun, 30 Mar 2014 15:13:34 +0100
98b3ea 
Subject: When processing a list of mechanism names, we shouldn't allow a short
98b3ea 
 prefix match the whole mechanism name
98b3ea
98b3ea 
"A", "AN", etc where matching "ANONYMOUS". This patch fixes that.
98b3ea
98b3ea 
As reported by plautrba@redhat.com
98b3ea
98b3ea 
diff --git a/lib/common.c b/lib/common.c
98b3ea 
index e0f59eb..672fe2f 100644
98b3ea 
--- a/lib/common.c
98b3ea 
+++ b/lib/common.c
98b3ea 
@@ -2428,6 +2428,11 @@ int _sasl_is_equal_mech(const char *req_mech,
98b3ea 
         *plus = 0;
98b3ea 
     }
98b3ea
98b3ea 
+    if (n < strlen(plug_mech)) {
98b3ea 
+	/* Don't allow arbitrary prefix match */
98b3ea 
+	return 0;
98b3ea 
+    }
98b3ea 
+
98b3ea 
     return (strncasecmp(req_mech, plug_mech, n) == 0);
98b3ea 
 }
98b3ea
98b3ea 
--
98b3ea 
cgit v0.10.2
98b3ea

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation