tags 400955 = confirmed patch pending
thanks

On Thu, 2006-11-30 at 09:49 -0500, Sam Hartman wrote:
> So, that's why I did give you a principal and password and sufficient
> installation instructions to trivially set up a case to reproduce on
> any Debian box on the open internet.
>
> I don't mind if people trying to fix this bug attempt to use my
> server. I'll delete [EMAIL PROTECTED] after the bug is closed.

Ah, I just assumed that it was merely a conceptual example. I didn't
realize that it was a functional example. Thanks for providing one end
of the test environment! :)

> Since this is a base64 error, I suspect it's probably in the base sasl
> library not in the gssapi module. I really have only dug around in
> the guts of Cyrus SASL's GSSAPI module, not the protocol handling etc.
>
> That or memory corruption.

The new Cyrus SASL has a partially rewritten sasl_decode64 function,
which is stricter and more complete than the old one. However, it seems
that applications (at least imtest) assume they can pass in a
CRLF-terminated string. The code anticipates this in a comment, but
doesn't actually implement CRLF-ignoring at the end of the string.

The attached patch makes sasl_decode64 ignore a trailing CRLF.

More eyes are welcome! Please let me know if the patch seems to be
incorrect.

Thanks,
--
Fabian Fagerholm <[EMAIL PROTECTED]>

0015_saslutil_decode64_fix.dpatch
Description: application/shellscript
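
Added example, not part of the original message and not the attached patch or Cyrus SASL's code: a minimal strict base64 decoder showing the behaviour described above, where one CRLF at the very end of the input is ignored while line breaks anywhere else are still rejected. The names b64_decode_line and B64_* are hypothetical, and the input in main is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical return codes for this sketch (not Cyrus SASL's constants). */
enum { B64_OK = 0, B64_BADINPUT = -1, B64_TOOSMALL = -2 };

static int b64_value(unsigned char c)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Strict decode of one protocol line: exactly one CRLF at the end of the
 * input is dropped first; every other non-alphabet byte is an error. */
int b64_decode_line(const char *in, size_t inlen,
                    unsigned char *out, size_t outmax, size_t *outlen)
{
    size_t i, n = 0, pad = 0;
    if (inlen >= 2 && in[inlen - 2] == '\r' && in[inlen - 1] == '\n')
        inlen -= 2;                       /* tolerate the line terminator */
    if (inlen % 4 != 0) return B64_BADINPUT;
    while (pad < 2 && pad < inlen && in[inlen - 1 - pad] == '=') pad++;
    if (inlen / 4 * 3 - pad > outmax) return B64_TOOSMALL;

    for (i = 0; i < inlen; i += 4) {
        int v[4], k, last = (i + 4 == inlen);
        for (k = 0; k < 4; k++) {
            if (last && k >= 4 - (int)pad) v[k] = 0;   /* '=' padding */
            else if ((v[k] = b64_value((unsigned char)in[i + k])) < 0)
                return B64_BADINPUT;      /* includes CR/LF mid-string */
        }
        out[n++] = (unsigned char)(v[0] << 2 | v[1] >> 4);
        if (!last || pad < 2) out[n++] = (unsigned char)(v[1] << 4 | v[2] >> 2);
        if (!last || pad < 1) out[n++] = (unsigned char)(v[2] << 6 | v[3]);
    }
    *outlen = n;
    return B64_OK;
}

int main(void)
{
    const char line[] = "Zm9vYmFy\r\n";   /* constructed sample input */
    unsigned char buf[16];
    size_t n = 0;
    int rc = b64_decode_line(line, strlen(line), buf, sizeof buf, &n);
    printf("rc=%d decoded=%.*s\n", rc, (int)n, (const char *)buf);
    return 0;
}
```

Limiting the tolerance to a single terminator at the end keeps the decoder strict about everything else, so embedded line breaks or stray bytes in a server challenge still fail.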