(auth_gssapi): Do not output surplus text after the '+'.
Don't use strdup as the username is not zero terminated. Thanks Simon Josefsson for the patch.
Showing
1 changed file
with
13 additions
and
2 deletions
| ... | @@ -132,7 +132,7 @@ auth_gssapi (struct imap4d_command *command, | ... | @@ -132,7 +132,7 @@ auth_gssapi (struct imap4d_command *command, |
| 132 | 132 | ||
| 133 | /* Start the dialogue */ | 133 | /* Start the dialogue */ |
| 134 | 134 | ||
| 135 | util_send ("+ GO AHEAD\r\n"); | 135 | util_send ("+ \r\n"); |
| 136 | util_flush_output (); | 136 | util_flush_output (); |
| 137 | 137 | ||
| 138 | context = GSS_C_NO_CONTEXT; | 138 | context = GSS_C_NO_CONTEXT; |
| ... | @@ -221,7 +221,18 @@ auth_gssapi (struct imap4d_command *command, | ... | @@ -221,7 +221,18 @@ auth_gssapi (struct imap4d_command *command, |
| 221 | protection_mech = mech; | 221 | protection_mech = mech; |
| 222 | client_buffer_size = sec_level & 0x00ffffffff; | 222 | client_buffer_size = sec_level & 0x00ffffffff; |
| 223 | 223 | ||
| 224 | *username = strdup ((char *) outbuf.value + 4); | 224 | *username = malloc (outbuf.length - 4 + 1); |
| 225 | if (!*username) | ||
| 226 | { | ||
| 227 | syslog (LOG_NOTICE, _("not enough memory")); | ||
| 228 | gss_release_buffer (&min_stat, &outbuf); | ||
| 229 | maj_stat = gss_delete_sec_context (&min_stat, &context, &outbuf); | ||
| 230 | gss_release_buffer (&min_stat, &outbuf); | ||
| 231 | return RESP_NO; | ||
| 232 | } | ||
| 233 | |||
| 234 | memcpy (*username, (char *) outbuf.value + 4, outbuf.length - 4); | ||
| 235 | (*username)[outbuf.length - 4] = '\0'; | ||
| 225 | gss_release_buffer (&min_stat, &outbuf); | 236 | gss_release_buffer (&min_stat, &outbuf); |
| 226 | 237 | ||
| 227 | maj_stat = gss_display_name (&min_stat, client, &client_name, &mech_type); | 238 | maj_stat = gss_display_name (&min_stat, client, &client_name, &mech_type); | ... | ... |
-
Please register or sign in to post a comment