Cyrus SASL 2.1.25 Released
julien at trigofacile.com
Thu Sep 15 15:12:40 EDT 2011
>>> * Fixed a crash caused by aborted SASL authentication
>>> and initiation of another one using the same SASL context.
>> Does it mean that this patch is no longer necessary with Cyrus SASL
> I think this patch should stay and it is safe.
>> It appears that sasl_decode64() returns SASL_CONTINUE instead of
>> SASL_BADPROT when there is a base64-encoding error.
> sasl_decode64 can return a number of error codes (SASL_BUFOVER is
> another one) and relying that it will always returns SASL_BADPROT is a
> bad coding practice, IMHO. Everything != SASL_OK should be treated with
> the exception of SASL_CONTINUE. SASL_CONTINUE is only returned when
> there is an incomplete base64 string. Whether this is an error or not,
> it depends on the application. I.e. if there is no more data coming,
> then it is an error.
All right, many thanks for your answer.
We do not rely on SASL_BADPROT. Other error codes are caught and
properly displayed. The NNTP protocol (RFC 3977 + RFC 4643) has a
special 504 answer for base64 errors; that's why a response code
different from SASL_BADPROT causes a problem when we strive for RFC-3977
Yes, you're right when saying that we know that no more data will come.
So, basically, I am using:
(sasl_response == SASL_CONTINUE ? SASL_BADPROT : sasl_response);
which properly catches all error codes, as well as SASL_OK.
« Le chemin le plus court d'un point à un autre est la ligne droite,
à condition que les deux points soient bien en face l'un de
l'autre. » (Pierre Dac)
More information about the Cyrus-sasl