Package: libsasl2-modules-ldap
Version: 2.1.25.dfsg1-5
Severity: important
Tags: upstream security patch

Hi,

there is a problem with ldap-based username canonicalization, when the canon_attr attribute (that is not RDN) value returned by LDAP is shorter (fewer characters) than the original username (provided as input to auxprop) had. For example:

original login:ptomu...@example.com
canonical val: 1...@example.com
result: 1...@example.com.com

This may be observed, for example, if one does canonicalization with auxprop + ldapdb and passes the canonical name to saslauthd.

It's enough to look into 'plugins/ldapdb.c' to see the cause. The problematic function is ldapdb_canon_server(), which sometimes forgets to append the trailing '\0' to the output buffer.

I attach a patch which fixes this issue.

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libsasl2-modules-ldap depends on:
ii libc6 2.13-35
ii libldap-2.4-2 2.4.31-1
ii libsasl2-modules 2.1.25.dfsg1-5

libsasl2-modules-ldap recommends no packages.

libsasl2-modules-ldap suggests no packages.

--
Paweł Tomulik, tel. +48 22 234 7374
Instytut Techniki Lotniczej i Mechaniki Stosowanej
Politechnika Warszawska

Index: cyrus-sasl2-2.1.25.dfsg1/plugins/ldapdb.c =================================================================== --- cyrus-sasl2-2.1.25.dfsg1.orig/plugins/ldapdb.c 2012-10-01 18:27:09.000000000 +0200 +++ cyrus-sasl2-2.1.25.dfsg1/plugins/ldapdb.c 2012-10-01 18:29:37.000000000 +0200 @@ -406,6 +406,7 @@ if ( len > out_max ) len = out_max; memcpy(out, bvals[0]->bv_val, len); + out[len] = '\0'; *out_ulen = len; ber_bvecfree(bvals); }
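
Review bot: the added `out[len] = '\0';` can write at index out_max, because the preceding `if ( len > out_max ) len = out_max;` lets len equal out_max. That store is in bounds only if the caller's buffer holds out_max + 1 bytes, which these lines do not show. Either document that contract in a comment next to the new line or clamp len to out_max - 1 before the memcpy so the terminator always fits.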
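
The effect described in the report, reproduced as an added example (not code from cyrus-sasl or from the reporter): a shorter value copied without a terminator leaves the tail of the longer string visible. The names `copy_unterminated`, `copy_terminated`, `visible_length`, `OUT_MAX` and the sample addresses are constructed; the example assumes the output buffer still holds the original login and has room for out_max + 1 bytes.

```c
#include <stdio.h>
#include <string.h>

#define OUT_MAX 32 /* constructed capacity; buffers below hold OUT_MAX + 1 bytes */

/* Copy step without a terminator, the behaviour the report describes. */
static void copy_unterminated(char *out, unsigned out_max, const char *val,
                              unsigned len, unsigned *out_ulen)
{
    if (len > out_max) len = out_max;
    memcpy(out, val, len);
    *out_ulen = len;
}

/* Same copy with the terminator written; needs out_max + 1 bytes in out. */
static void copy_terminated(char *out, unsigned out_max, const char *val,
                            unsigned len, unsigned *out_ulen)
{
    if (len > out_max) len = out_max;
    memcpy(out, val, len);
    out[len] = '\0';
    *out_ulen = len;
}

/* Preload the buffer with `stale` (assumed: the original login is still
 * there), run one copy, and return the length a C-string reader sees. */
static size_t visible_length(int terminated, const char *stale,
                             const char *val, char *result)
{
    char out[OUT_MAX + 1] = {0};
    unsigned ulen = 0;
    strncpy(out, stale, OUT_MAX);
    if (terminated)
        copy_terminated(out, OUT_MAX, val, (unsigned)strlen(val), &ulen);
    else
        copy_unterminated(out, OUT_MAX, val, (unsigned)strlen(val), &ulen);
    memcpy(result, out, sizeof out);
    return strlen(result);
}

int main(void)
{
    char r[OUT_MAX + 1];
    /* Constructed sample values, 20 and 16 characters long. */
    visible_length(0, "alice123@example.com", "a123@example.com", r);
    printf("unterminated: %s\n", r);
    visible_length(1, "alice123@example.com", "a123@example.com", r);
    printf("terminated:   %s\n", r);
    return 0;
}
```

Consumers that trust the returned length are unaffected; the stale tail only shows up where the buffer is later read as a C string.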