Any info on CVE-2006-1721 ?
Alexey Melnikov
alexey.melnikov at isode.com
Tue Oct 3 13:38:01 EDT 2006
Biswatosh wrote:
>Thanks Alexei.
>
>Cud u or anybody else point out the CMU SASL page
>where I can get info about what to set CVSROOT to and
>etc?
>Must I become a member of sasl-cvs? And,then what?
>
>Or,to cut it short, please just tell me the lines
>changed in digestmd5.c for that bug.
>
>
The patch attached.
-------------- next part --------------
Index: digestmd5.c
===================================================================
RCS file: /cvs/src/sasl/plugins/digestmd5.c,v
retrieving revision 1.173
retrieving revision 1.175
diff -u -r1.173 -r1.175
--- digestmd5.c 29 Jul 2004 19:21:57 -0000 1.173
+++ digestmd5.c 27 Dec 2004 21:30:43 -0000 1.175
@@ -2242,7 +2242,8 @@
}
/* Sanity check the parameters */
- if (strcmp(realm, text->realm) != 0) {
+ if (((realm != NULL) && (strcmp(realm, text->realm) != 0)) &&
+ (text->realm[0] != 0)) {
SETERROR(sparams->utils,
"realm changed: authentication aborted");
result = SASL_BADAUTH;
More information about the Cyrus-sasl
mailing list